A large-scale malware campaign, dubbed FatBoyPanel, is targeting Android users in India and has compromised over 50,000 victims. Security researchers from Zimperium attribute the attack to a single threat actor deploying over 1,000 malicious applications. The malware is distributed primarily via WhatsApp as an APK file that masquerades as a legitimate government or banking app. Researchers identified 900 unique samples and uncovered 2.5GB of stolen data, including sensitive banking details, government IDs, and SMS messages.

The malware exfiltrates stolen data to hard-coded phone numbers; some are controlled by the attacker, while others belong to compromised victims. About 63% of these numbers were traced to Indian regions. The malware abuses SMS permissions to intercept and steal OTPs, giving the attacker unauthorized access to banking accounts. It also employs stealth techniques such as icon hiding, uninstallation resistance, and code obfuscation. By intercepting SMS messages it enables fraudulent transactions, causing financial losses for victims.

This highlights the critical need for cybersecurity awareness: users should avoid installing APKs from untrusted sources and should review app permissions rigorously. Authorities and security firms are actively investigating the campaign, but users must remain vigilant against such evolving cyber threats.
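As an added defender-side example (not code from Zimperium or the original report), the script below triages an AndroidManifest.xml for the manifest-visible traits described above: SMS read/receive/send permissions, a high-priority SMS_RECEIVED receiver typical of OTP interception, and a device-admin receiver used for uninstall resistance. The sample manifest and its package name are constructed for illustration; icon hiding happens at runtime, so it cannot be seen in the manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def _a(elem, attr):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{attr}")

def triage_manifest(xml_text):
    """Return a list of findings for SMS-stealer traits visible in the manifest."""
    root = ET.fromstring(xml_text)
    perms = {_a(p, "name") for p in root.iter("uses-permission")}
    findings = []
    if perms & {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}:
        findings.append("requests SMS read/receive permission")
    if "android.permission.SEND_SMS" in perms:
        findings.append("can send SMS (possible exfiltration to hard-coded numbers)")
    for rcv in root.iter("receiver"):
        actions = {_a(act, "name") for act in rcv.iter("action")}
        if "android.provider.Telephony.SMS_RECEIVED" in actions:
            # A very high priority lets the receiver see the SMS before the default app.
            prio = max((int(_a(f, "priority") or 0) for f in rcv.iter("intent-filter")), default=0)
            findings.append(f"SMS_RECEIVED receiver (priority {prio})")
        if _a(rcv, "permission") == "android.permission.BIND_DEVICE_ADMIN":
            findings.append("device-admin receiver (uninstall resistance)")
    return findings

# Constructed sample manifest (hypothetical package name), not a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakebank">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Bank Update">
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print("-", finding)
```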

Information security specialist, currently working as a risk infrastructure specialist and investigator.
15 years of experience in risk and control processes, security audit support, business continuity design and support, workgroup management, and information security standards.