Rising Android Malware Threat in India Targets Hindi-Speaking Users with Banking Data Theft and Crypto Mining
A dangerous Android malware campaign is targeting Hindi-speaking users in India, stealing banking details through fake apps and secretly mining cryptocurrency. Distributed via phishing websites, it poses major risks to personal data and smartphone security.

A new Android malware campaign has been discovered, primarily targeting Hindi-speaking users in India. According to McAfee's Mobile Research Team, this malware is extremely dangerous because it not only steals financial information but also discreetly mines cryptocurrency on infected phones in the background. The attackers deceive users by building fraudulent financial apps that resemble genuine ones from big banks such as SBI Card, Axis Bank, and others. These apps are not available on the Google Play Store, but are distributed via phishing websites that seem almost identical to official banking sites. The goal is to trick people into downloading the fake application, believing it is safe.
How this Malware works
When a user downloads the bogus app, it first displays a screen that resembles a standard Google Play update page. This leads users to believe it's safe. Following that, the app requests private information such as card number, CVV, expiry date, and personal information. All of the stolen data is secretly delivered to the attackers.
This malware is especially harmful since it serves two hidden goals. Along with obtaining personal and banking information, it also initiates a hidden process to mine Monero cryptocurrency (XMR) in the background. Normally, mining requires strong computers, but this malware is designed to mine on mobile phones. As a result, the phone slows down, the battery drains quickly, and mobile data is used up.
This mining process is managed using Firebase Cloud Messaging (FCM). This means that the malware remains silent until it receives a specific hidden command, which makes it considerably more difficult for users and security programs to identify and remove.
Monero Usage by Cybercriminals and the Growing Risk for Indian Users
Cybercriminals prefer Monero (XMR) because it hides the sender, receiver, and transaction amount, making it nearly impossible to track. Its mining mechanism is designed to run on standard CPUs, allowing it to discreetly mine cryptocurrency on mobile devices without people noticing. This makes it the ideal option for attackers in this campaign. The majority of the infections have been reported in India, where consumers are being duped by Hindi-language phishing pages and fraudulent financial apps. While a few incidents have been reported in other regions, the majority of victims are Indian smartphone users.
Prevention Measures to Stay Safe from Attacks
To protect yourself from such threats, always download apps only from trusted sources like the Google Play Store and avoid clicking on unknown links received through SMS, WhatsApp, or social media, especially those related to banking or financial services. Be very careful when entering personal or financial details into apps or websites you don’t fully trust. It is also important to use reliable mobile security software, which can help detect harmful apps and block phishing websites, adding an extra layer of safety to your device.
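As an added example (not from McAfee's report or the original article), the Python sketch below audits a device's installed third-party apps for the pattern described above: apps that did not come from the Google Play Store, with those whose package name imitates a bank ranked higher. It assumes the input is the text output of `adb shell pm list packages -i -3`; the sample listing, the package names in it, and the keyword list are constructed for illustration.

```python
import re

# Installers treated as trusted (assumption: Google Play only, per the advice above).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Heuristic keywords derived from the banks named in the article.
BANK_KEYWORDS = ("sbi", "axis")

# Assumed line format: "package:<name>  installer=<installer or null>"
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# Constructed sample output; every package name here is made up.
SAMPLE_LISTING = """\
package:com.example.bank.official  installer=com.android.vending
package:com.example.sbicard.update  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller
package:com.example.axisbank.rewards  installer=null
"""


def parse_packages(listing):
    """Yield (package, installer) pairs; installer is None when unset."""
    for line in listing.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            installer = match.group("installer")
            yield match.group("pkg"), None if installer == "null" else installer


def audit(listing):
    """Return (package, installer, severity) for apps not from a trusted store."""
    findings = []
    for pkg, installer in parse_packages(listing):
        if installer in TRUSTED_INSTALLERS:
            continue
        # Compare name segments by prefix so "sbicard" matches but "taxis" does not.
        tokens = re.split(r"[._]", pkg.lower())
        imitates_bank = any(t.startswith(k) for t in tokens for k in BANK_KEYWORDS)
        findings.append((pkg, installer, "high" if imitates_bank else "review"))
    return findings


if __name__ == "__main__":
    for pkg, installer, severity in audit(SAMPLE_LISTING):
        print(f"[{severity}] {pkg} (installer: {installer or 'none/sideloaded'})")
```

A "review" finding only means the app was sideloaded; a "high" finding is a sideloaded app whose name resembles a bank and should be checked against the bank's official store listing.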
Final Thoughts
The rise of Android malware shows how cybercriminals are finding new ways to trick users. This campaign is especially dangerous as it steals banking details and secretly mines cryptocurrency. Most victims are in India, making awareness crucial. Staying alert and practicing safe digital habits is the best defense against such hidden threats.
Information referenced in this article is from McAfee