Phishing and Fraud via Fake Banking and Device Recovery Apps
Cybercriminals are increasingly leveraging fake mobile applications and targeted phishing campaigns to steal sensitive credentials and financial information. Security researchers have identified malicious APKs masquerading as legitimate banking apps, such as a counterfeit YONO SBI app, which can surreptitiously install additional hidden applications and potentially compromise user data. These fake apps exploit trust in well-known brands and can evade detection by mimicking normal app behavior, posing significant risks to users who download apps from unofficial sources.
In parallel, authorities such as the Swiss National Cyber Security Centre (NCSC) have warned about sophisticated phishing scams targeting individuals who have lost their iPhones. Attackers use information displayed on the lost device’s lock screen to send convincing SMS or iMessage phishing messages, impersonating Apple’s Find My team and luring victims to enter their Apple ID credentials on fake websites. These incidents highlight the growing threat of social engineering and technical deception in mobile ecosystems, emphasizing the need for vigilance when responding to unexpected messages or installing applications outside official app stores.

How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
OSINT Team Blog describes risks from fake banking apps
An OSINT Team Blog post detailed the danger posed by fraudulent banking applications, describing how fake apps can be used to steal sensitive financial information from victims.
Report warns of phishing texts targeting people with lost iPhones
BleepingComputer reported on a phishing scheme in which people who lost iPhones receive text messages falsely claiming the device was found, attempting to trick them into surrendering account credentials or device access.


