Full Report
As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team shares how we can help protect you against the fake SBI Reward banking trojan. The post Zimperium's Comprehensive Protection Against Fake SBI Reward Banking Trojan appeared first on Zimperium.
Analysis Summary
# Tool/Technique: Fake SBI Reward Banking Trojan
## Overview
A banking trojan campaign disguised as a State Bank of India (SBI) rewards application. The malware is distributed via WhatsApp messages that trick users into downloading and sideloading an APK file; once installed, the app steals banking credentials and other personal information.
## Technical Details
- Type: Malware family (Banking Trojan)
- Platform: Android (inferred from APK distribution)
- Capabilities: Stealing banking credentials and personal information.
- First Seen: Not stated in the source. The Zimperium article referencing the original report was published January 26, 2025, so the campaign is at least that old.
## MITRE ATT&CK Mapping
*Note: The source does not provide ATT&CK mappings. The techniques below are inferred from the malware's described behaviour (WhatsApp-delivered APK impersonating a bank app, credential theft) and are taken from the ATT&CK for Mobile matrix, since the target platform is Android.*
- **TA0027 - Initial Access**
  - T1660 - Phishing (malicious APK sent to victims over WhatsApp with a lure to install it)
- **TA0030 - Defense Evasion**
  - T1655.001 - Masquerading: Match Legitimate Name or Location (posing as an SBI rewards app)
- **TA0031 - Credential Access**
  - T1417 - Input Capture (overlay or fake login screens harvesting banking credentials; the exact method is not described in the source)
- **TA0036 - Exfiltration**
  - T1646 - Exfiltration Over C2 Channel (inferred; no C2 details are given in the source)
## Functionality
### Core Capabilities
- Impersonating a legitimate brand (State Bank of India rewards app) to gain user trust.
- Tricking users into installing a malicious APK package on their mobile devices.
- Stealing sensitive banking credentials.
- Stealing other personal information.
### Advanced Features
- Delivery mechanism through social engineering via WhatsApp to encourage installation.
- No evasion, obfuscation or anti-analysis techniques are described in the source. (Zimperium's on-device machine learning classifiers are the detection capability used against this malware, not a feature of the malware.)
## Indicators of Compromise
- File Hashes: Not specified in the source.
- File Names: Malicious APK disguised as an SBI rewards app; the exact filename and package name are not given.
- Registry Keys: Not applicable (Android has no registry).
- Network Indicators: Not specified in the source (no C2 domains or IPs are given).
- Behavioral Indicators: A sideloaded app delivered over WhatsApp, branded as SBI, that requests banking login details or personal information.
## Associated Threat Actors
- The source does not attribute the campaign to a named threat actor. The original report is credited to Malwr Analysis.
## Detection Methods
- Signature-based detection: Not possible from this source alone, since no hashes or filenames are provided.
- Behavioral detection: Zimperium states that its on-device machine learning classifiers detect and block the malicious app without needing a prior signature.
- YARA rules: Not specified.
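When a sample of an APK like this is obtained (for example, forwarded by a user who received it over WhatsApp), an analyst wants to record the file hashes the source omits and check the package for the traits of an Android banking trojan before deeper analysis. The script below is an added example, not Zimperium's code or the detection logic of any product. It hashes the file, checks that it is an APK with a `classes.dex` and a v1 signature file, and scans the binary `AndroidManifest.xml` for high-risk permissions. The permission list is an assumption drawn from the banking-trojan class in general, not from the SBI Reward report, and the permission check is a byte-level heuristic (AXML string pools are UTF-16LE or UTF-8) rather than a full AXML parse; the sample APK it builds is constructed in memory so the example runs offline.

```python
"""Offline triage of a suspicious Android APK (added example, not the page's or
Zimperium's code). Records hashes and flags banking-trojan traits."""
import hashlib
import io
import zipfile

# Assumption: permissions commonly abused by Android banking trojans in general.
# These are NOT taken from the SBI Reward report, which lists no permissions.
HIGH_RISK_PERMISSIONS = {
    "android.permission.READ_SMS": "read OTP / bank SMS",
    "android.permission.RECEIVE_SMS": "intercept OTP on arrival",
    "android.permission.SEND_SMS": "forward stolen data or spread lures",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw phishing overlays over banking apps",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "read/inject UI input (credential capture)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "drop further payloads",
    "android.permission.READ_CONTACTS": "harvest contacts for further WhatsApp lures",
}


def file_hashes(data: bytes) -> dict:
    """Hashes an analyst records and shares as IoCs once a sample is in hand."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def manifest_permissions(manifest: bytes) -> dict:
    """Heuristic: search the binary manifest for each permission string in the
    two encodings an AXML string pool can use. No full AXML parsing is done."""
    found = {}
    for perm, why in HIGH_RISK_PERMISSIONS.items():
        if perm.encode("utf-16-le") in manifest or perm.encode("utf-8") in manifest:
            found[perm] = why
    return found


def triage_apk(data: bytes) -> dict:
    report = {"hashes": file_hashes(data), "is_zip": False, "has_dex": False,
              "has_v1_signature": False, "risky_permissions": {}, "verdict": "unknown"}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report["verdict"] = "not an APK (not a zip archive)"
        return report
    names = zf.namelist()
    report["is_zip"] = True
    report["has_dex"] = "classes.dex" in names
    # v1 (JAR) signatures live in META-INF/*.RSA|DSA|EC. v2/v3 signatures live in
    # the APK Signing Block instead, so a missing META-INF file is not proof the
    # APK is unsigned; it only means the v1 scheme is absent.
    report["has_v1_signature"] = any(
        n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))
        for n in names)
    if "AndroidManifest.xml" in names:
        report["risky_permissions"] = manifest_permissions(zf.read("AndroidManifest.xml"))
    # Overlay or accessibility abuse plus SMS access is the classic banking-trojan mix.
    n_risky = len(report["risky_permissions"])
    report["verdict"] = "high" if n_risky >= 2 else ("review" if n_risky == 1 else "low")
    return report


def build_sample_apk() -> bytes:
    """Constructed stand-in for a fake 'SBI rewards' APK. The manifest is a
    simulated AXML string pool (header magic + UTF-16LE strings), which is the
    part the heuristic above inspects. Package name is hypothetical."""
    pool = ["manifest", "com.example.sbirewards", "android.permission.INTERNET",
            "android.permission.READ_SMS", "android.permission.SYSTEM_ALERT_WINDOW"]
    manifest = b"\x03\x00\x08\x00" + b"".join(
        s.encode("utf-16-le") + b"\x00\x00" for s in pool)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("META-INF/CERT.RSA", b"\x30\x82")
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in triage_apk(build_sample_apk()).items():
        print(f"{key}: {value}")
```

To run it on a real sample, replace `build_sample_apk()` with `open("sample.apk", "rb").read()`. The verdict is a triage score, not a detection: legitimate SMS or accessibility apps request some of these permissions too, so the hashes and permission list are the output worth keeping, and the sample should go to a proper AXML parser or sandbox next.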
## Mitigation Strategies
- Users should not install APK files received through messaging apps such as WhatsApp; genuine SBI apps are distributed through official app stores, and an APK attached to a chat message is itself a warning sign.
- Organizations such as SBI should continuously monitor for brand impersonation (fake apps and lures using their name).
- **Zimperium MTD:** Provides zero-day protection against such threats using on-device analysis, without depending on a prior signature for the sample.
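For an organization responding to this campaign on managed Android devices, a quick check is which installed packages did not come from the trusted app store, since the trojan has to be sideloaded from a WhatsApp attachment. The function below is an added example, not part of the original post or any Zimperium product. It parses the output of `adb shell pm list packages -i` (which prints `package:<name>  installer=<installer package>`, with `installer=null` for packages installed without an attributed installer) and flags everything whose installer is not in a trusted set. The trusted set containing only the Google Play Store package is an assumption; fleets with an OEM store or an MDM agent should add those. The sample output is constructed and the package names in it are hypothetical.

```python
"""Flag sideloaded packages from `adb shell pm list packages -i` output
(added example, not the page's or Zimperium's code)."""

# Assumption: only the Play Store is trusted. Add OEM stores / MDM agents as needed.
TRUSTED_INSTALLERS = ("com.android.vending",)

# Constructed sample of `pm list packages -i` output; package names are hypothetical.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.whatsapp  installer=com.android.vending
package:com.example.sbirewards  installer=null
package:com.example.dropper  installer=com.google.android.packageinstaller
"""


def sideloaded_packages(pm_output: str, trusted=TRUSTED_INSTALLERS) -> list:
    """Return (package, installer) pairs whose installer is not trusted.
    A missing or 'null' installer means no store attributed the install, which
    is what an APK opened from a chat attachment or pushed over adb looks like."""
    flagged = []
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        pkg, _, rest = line[len("package:"):].partition("installer=")
        installer = rest.strip() or "null"
        if installer not in trusted:
            flagged.append((pkg.strip(), installer))
    return flagged


if __name__ == "__main__":
    # On a real device: adb shell pm list packages -i > pm.txt
    for pkg, installer in sideloaded_packages(SAMPLE_PM_OUTPUT):
        print(f"REVIEW {pkg} (installer={installer})")
```

Anything flagged is not automatically malicious (developers sideload builds, and some OEM apps report no installer), but a package whose name imitates a bank and whose installer is `null` or the system package installer is exactly the footprint this campaign leaves, and is worth pulling for the triage above.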
## Related Tools/Techniques
- Banking Trojans targeting the financial sector.
- Malware distributed via social engineering/messaging platforms.