{
  "name": "Uncovering ICICI Phishing Campaign: New Fraud App Found",
  "slug": "uncovering-icici-phishing-campaign-new-fraud-app-found",
  "description": "A malicious host mimicking ICICI Bank has been discovered, along with a fraudulent app disguised as ICICI Helpdesk. The phishing domain, cppcccare.com, is hosted on an ASN known for various malicious activities. The fraudulent app, named 'ICICI.apk', is detected as a Trojan Banker, Keylogger, and SMSspy. It is believed to have been operational since August 2024, with a falsely inflated download count of 500K+. The app's description matches other fraudulent apps, indicating a broader phishing campaign. The incident has been reported to the bank, the hosting provider, and CERT-In. The article provides detailed technical information about the malicious domain and app, including file hashes and package details.",
  "published": "2024-09-24T12:09:56+00:00",
  "created_at": "2024-09-24T12:09:56+00:00",
  "modified_at": "2024-09-24T12:38:17+00:00",
  "created_at_opencti": "2024-09-24T12:09:56+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-09-24",
    "android",
    "banking",
    "trojan"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "77.37.34.191"
      },
      {
        "id": "",
        "name": "cppcccare.com"
      },
      {
        "id": "",
        "name": "cd89b4cc7dc155f30db39e31b30894ed11f3fb6ad0fe5b2d014b123e333084c6"
      }
    ],
    "attack_patterns": [
      {
        "id": "ef72da1d-2eaa-4d94-8913-06978609cfb4",
        "name": "T1608.001"
      },
      {
        "id": "3e7e47ba-d8ad-4aa8-a4fc-1167cec2e125",
        "name": "T1587.001"
      },
      {
        "id": "de38dd3a-41d7-4621-8a00-a32d7f0ff420",
        "name": "T1102.002"
      },
      {
        "id": "9594762e-9e74-466b-a460-3fd2a8aa7e10",
        "name": "T1608.005"
      },
      {
        "id": "6ccd4566-e15e-40cf-b7df-4a3f737ce5cd",
        "name": "T1036.005"
      },
      {
        "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6",
        "name": "T1204.002"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "British Indian Ocean Territory"
      },
      {
        "id": "",
        "name": "Cyprus"
      },
      {
        "id": "",
        "name": "India"
      },
      {
        "id": "",
        "name": "United Kingdom of Great Britain and Northern Ireland"
      },
      {
        "id": "",
        "name": "Finance"
      }
    ]
  },
  "external_refs": [
    "https://rakeshkrish.medium.com/uncovering-icici-bank-phishing-campaign-new-fraud-app-found-4f1088c0564d",
    "https://otx.alienvault.com/pulse/66f2c834a43e177c852fe4e7"
  ]
}