SBI Warns Users About Fake YONO App Deactivation Scam Messages
State Bank of India (SBI) has issued an urgent fraud alert to digital banking customers after researchers observed a spike in targeted phishing campaigns aimed at compromising YONO accounts.
Attackers are using fake SMS and WhatsApp messages to pressure users into downloading malicious software or revealing sensitive credentials.
SBI Warns YONO Users
- Attack vector: Unsolicited SMS or WhatsApp messages that claim the victim’s YONO app will be deactivated within 24 hours.
- Pretext: Messages assert the deactivation is caused by failure to update or link the customer’s Aadhaar number.
- Lures: A malicious hyperlink or an attached file (usually an Android APK) presented as an “update” or “Aadhaar verification” step.
- Payloads: Phishing websites that mimic SBI’s interface and rogue APKs that install banking trojans and spyware.

- APK distribution: Attackers bypass official channels by pushing APKs through messaging apps or links. These APKs are unsigned or signed with fraudulent keys.
- Permission escalation: Malicious apps request broad permissions (accessibility, overlay, contacts, SMS) to capture inputs and intercept OTPs.
- Overlay attacks: A fake banking UI is shown on top of the real one to capture credentials as users type.
- Background data exfiltration: Credentials, device identifiers, and stored tokens are siphoned to remote C2 infrastructure.
- Persistence: Malware may install services or abuse accessibility features to survive reboots and hinder uninstallation.
Mitigation
- Do not click links or open attachments. Delete the message. Do not install APKs from messages or third-party sites.
- If you have clicked or installed anything: disconnect the device from the internet (turn off Wi‑Fi and mobile data), remove the app, and contact SBI immediately to freeze or monitor accounts. Change banking passwords and enable multi-factor authentication from a clean device.
- App source: Install YONO only from Google Play Store or Apple App Store. Verify the developer name and package ID before installing or updating.
- App permissions: Review permissions and deny any unnecessary requests (especially accessibility and SMS access).
- System settings: Disable “Install unknown apps” at the OS level, and keep “Verify apps” enabled on Android.
- Updates: Keep OS and apps updated via official channels to reduce exploitable surfaces.
- OTP handling: Never enter OTPs on sites reached from random links; enter them only in the official app after launching it yourself.
- Phishing verification: If you get an urgent-sounding message, open the official YONO app or SBI website directly (do not use the message link) and check for notifications.
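
The app-source and app-permission checks above can be run across a set of devices as a triage pass. The following is an added example, not code from SBI or the original article: it flags apps that were not installed by Google Play and that combine SMS access with overlay or accessibility access. The inventory schema, the sample records and the package names are assumptions made for illustration, and the inventory is assumed to list third-party apps only.

```python
PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Capabilities the article lists as abused, mapped to Android permission names.
RISKY = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "contacts": {"android.permission.READ_CONTACTS"},
}

def assess(app):
    """Return (severity, reasons) for one inventory record (hypothetical schema)."""
    perms = set(app.get("permissions", []))
    caps = {name for name, group in RISKY.items() if perms & group}
    if app.get("accessibility_service"):  # app has an enabled accessibility service
        caps.add("accessibility")
    sideloaded = app.get("installer") != PLAY_STORE
    reasons = ["not installed by Google Play"] if sideloaded else []
    reasons += [f"{c} access" for c in sorted(caps)]
    # OTP interception needs SMS; credential capture needs overlay or accessibility.
    otp_and_input = "sms" in caps and bool(caps & {"overlay", "accessibility"})
    if sideloaded and otp_and_input:
        return "high", reasons
    if (sideloaded and caps) or otp_and_input:
        return "review", reasons
    return "ok", reasons

# Constructed sample inventory; package names are placeholders, not real apps.
INVENTORY = [
    {"package": "com.example.yono.update", "installer": None,
     "accessibility_service": True,
     "permissions": ["android.permission.RECEIVE_SMS",
                     "android.permission.SYSTEM_ALERT_WINDOW",
                     "android.permission.READ_CONTACTS"]},
    {"package": "com.example.flashlight", "installer": "com.example.filemanager",
     "accessibility_service": False,
     "permissions": ["android.permission.READ_CONTACTS"]},
    {"package": "com.example.bank", "installer": PLAY_STORE,
     "accessibility_service": False,
     "permissions": ["android.permission.RECEIVE_SMS"]},
]

def triage(inventory):
    """Return (package, severity, reasons) rows, worst findings first."""
    order = {"high": 0, "review": 1, "ok": 2}
    rows = [(app["package"], *assess(app)) for app in inventory]
    return sorted(rows, key=lambda r: order[r[1]])

if __name__ == "__main__":
    for package, severity, reasons in triage(INVENTORY):
        print(f"{severity:6} {package}: {', '.join(reasons) or 'nothing flagged'}")
```

A "review" result is a prompt to check the app's developer name and package ID by hand, not a verdict that the app is malicious.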