Android banking apps targeted by threat actor InTheBox

InTheBox, a marketplace for malware, sells malicious code to cybercriminals targeting retail banking, mobile payment systems, cryptocurrency exchanges, and e-commerce apps worldwide.

February 02, 2023 06:38 pm | Updated 08:13 pm IST

InTheBox functions like an online marketplace for malware targeting mobile payment systems. | Photo Credit: Getty Images

A known vendor of Android mobile web injectable malware, InTheBox, has been increasing its stock of injectables targeting retail banking, mobile payment systems, cryptocurrency exchanges, and e-commerce apps, according to a report from Cybernews.

Injectable malware uses maliciously crafted code that can be added to the original code of websites and web applications to execute commands and share information with attackers, bypassing the existing security systems put in place by the publishers.

Organisations in countries including Brazil, India, Australia, Indonesia, the Philippines, Qatar, Saudi Arabia, Thailand, Japan, and the U.S.A. were found to be affected.

InTheBox functions like an online marketplace for malware, working through the Tor anonymity network to sell malicious code to cybercriminals. Its shop offers web injects that come in compressed packages and include PNG format app icons and HTML files containing the JavaScript code responsible for collecting sensitive information. This code creates a malicious overlay that disguises itself as the mobile app’s input form, the report said.

Researchers tracking the threat actor shared that the injection of malware begins with an interface that asks the infected user to input their mobile banking details such as ID, password, and mobile numbers. This information can subsequently be used to trick users, using another overlay, into entering their credit and debit card details.
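For analysts triaging a suspicious archive, the package layout and overlay fields described above can be turned into a simple heuristic check. The following is an added example, not code from the report or the researchers; the function names, the keyword list, and the `com.example.bank/` sample layout are assumptions made for illustration.

```python
import io
import re
import zipfile
from html.parser import HTMLParser

# Assumed keyword list covering the fields the article says overlays request.
SENSITIVE = re.compile(r"pass|pwd|pin|card|cvv|cvc|expir|mobile|phone|login|user", re.I)

class FormScan(HTMLParser):
    """Collects sensitive-looking input fields and notes any <script> tag."""
    def __init__(self):
        super().__init__()
        self.fields, self.has_script = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.has_script = True
        elif tag == "input":
            label = " ".join(a.get(k, "") for k in ("type", "name", "id", "placeholder"))
            if SENSITIVE.search(label):
                self.fields.append(a.get("name") or a.get("id") or a.get("type"))

def triage_package(data: bytes) -> dict:
    """Heuristic: PNG icon plus a scripted HTML form asking for credentials."""
    report = {"icons": [], "forms": {}, "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith(".png"):
                report["icons"].append(info.filename)
            elif name.endswith((".html", ".htm")):
                scan = FormScan()
                scan.feed(zf.read(info).decode("utf-8", "replace"))
                if scan.has_script and scan.fields:
                    report["forms"][info.filename] = scan.fields
    report["suspicious"] = bool(report["icons"] and report["forms"])
    return report

def build_sample() -> bytes:
    """Constructed sample archive with inert markup (hypothetical layout)."""
    html = ('<form><input name="login_id"><input type="password" name="pw">'
            '<input name="mobile"></form><script>/* placeholder */</script>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("com.example.bank/icon.png", b"\x89PNG\r\n\x1a\n")
        zf.writestr("com.example.bank/index.html", html)
    return buf.getvalue()
```

A hit from `triage_package` is only a lead for manual review, since legitimate web app bundles can also ship an icon next to a login form.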

The InTheBox shop is known to offer a range of web injectable malware including Alien, Ermac, Octopus, MetaDroid, Cerberus, and Hydra for sale on the dark web.

Researchers at Cyble Research and Intelligence Labs (CRIL), who investigated the threat actors’ movements, have advised users to download and install software only from trusted sources such as an official app store, and to avoid opening any links received via messages or emails.
