Dissecting a Banking Phishing App
Analyzing a fake bank app designed to steal user info
What if a simple text message could compromise your entire bank account? That’s exactly what happened.
A few days ago, a friend of mine received this odd message:
Dear Customer, Your Axis Bank Reward Points Rs.(9860.00) will expire today. Redeem now through Axis Bank Rewardz App Install & Claim your reward through cash deposit in your account.
Thank You. Team — Axis Bank ,
An APK named Axis_bank_pan_update13.apk was also attached to it.
At first glance, it looked convincing — who wouldn’t want nearly ₹10,000 in rewards? But something felt off: which bank would ask its users to download an APK file when its app is already available on the Play Store or App Store?
So, I did what I love to do: I dug into it. Spoiler alert — it was a scam!
Urgency: The message claims the reward points will expire today. Scammers create a sense of urgency to make people act quickly.
The APK: Instead of having us download the app from the Play Store or App Store, the scammer asked us to install a third-party APK.
App Permissions: On installation, the APK asks for many permissions, including access to “SMS,” “contacts,” “calls,” and “banking apps.”
Rewards: ₹9860 in rewards? Banks don’t randomly give away money.
Source: The message came from a random number displaying the bank’s logo, not from a verified sender ID. Banks always communicate from official numbers.
The app requested several permissions, including:
Read SMS: To steal OTPs and other sensitive messages.
Send SMS: To propagate the scam by messaging your contacts.
Access Phone State: To gather device information for further exploitation.
Internet Access: To send your stolen data to the attacker’s server.
It even had background permissions, allowing it to schedule tasks or run services when you’re not actively using your device.
Once installed, the app presented a UI resembling the official one, complete with Axis Bank branding. It asked for sensitive details such as:
Credit/Debit card Number, CVV, PIN, DOB
Username and password
Mobile number
Customer ID and password
These details, together with the permission to send and receive messages, are all it takes to empty your bank account.
The data entered was sent directly to the attackers, who could then use it to:
Transfer money from your account.
Access other linked services, like credit cards or UPI apps.
I ran the APK through VirusTotal, and the results were alarming. A significant number of vendors flagged it as malicious.
Package Name: com.axisofbank.german
Activity: com.axisofbank.german.MainActivity
Service: com.axisofbank.german.BackgroundService
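The permission set described above and the package, activity and service names reported by VirusTotal are exactly what a defender checks first when triaging a suspicious APK. The following is an added example, not code from the original post: it assumes an apktool-decoded AndroidManifest.xml, the manifest below is constructed to match what the post reports (not the real file), and the official package allow-list is a placeholder the analyst fills in from the bank’s store listing.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest modelled on the permissions and component names the
# post reports (apktool-style decoded AndroidManifest.xml), not the real file.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.axisofbank.german">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Axis Bank Rewardz">
    <activity android:name=".MainActivity"/>
    <service android:name=".BackgroundService"/>
  </application>
</manifest>"""

# Each capability the post describes, mapped to the permissions that grant it.
RISK_RULES = {
    "otp_interception": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "sms_propagation": {"android.permission.SEND_SMS"},
    "device_fingerprinting": {"android.permission.READ_PHONE_STATE"},
    "exfiltration": {"android.permission.INTERNET"},
    "boot_persistence": {"android.permission.RECEIVE_BOOT_COMPLETED"},
}


def triage_manifest(xml_text, brand, official_packages=frozenset()):
    """Triage a decoded manifest. `official_packages` is an analyst-supplied
    allow-list of the bank's real package names (assumed, not from the post)."""
    root = ET.fromstring(xml_text)
    pkg = root.get("package", "")
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    findings = sorted(tag for tag, needed in RISK_RULES.items() if needed & perms)
    app = root.find("application")
    label = app.get(ANDROID_NS + "label", "") if app is not None else ""
    # Bank branding in the label on a package that is not the bank's own.
    if brand.lower() in label.lower() and pkg not in official_packages:
        findings.append("brand_impersonation")
    # OTP theft needs both a way to read SMS and a channel to send it out.
    if {"otp_interception", "exfiltration"} <= set(findings):
        severity = "high"
    else:
        severity = "medium" if findings else "low"
    return {"package": pkg, "label": label, "findings": findings,
            "services": [s.get(ANDROID_NS + "name") for s in root.iter("service")],
            "severity": severity}
```

Calling `triage_manifest(SAMPLE_MANIFEST, "Axis Bank", {"PLACEHOLDER.official.package"})` rates the sample "high" because SMS read access and Internet access appear together, and lists the background service that runs without user interaction.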
VirusTotal also found several connected domains:
The account was created just 2 weeks ago, and it had 1 repo, which was a GitHub Pages release:
I think it’s some kind of encryption; I couldn’t get it to decode.
CloudSEK’s BeVigil found several risky permissions, including send/receive SMS, read phone state, and more.
It also detected a potential UUID at sources/E0/h.java:
258EAFA5-E914-47DA-95CA-C5AB0DC85B11
This value is the fixed GUID that RFC 6455 specifies for the WebSocket opening handshake, so it most likely comes from an embedded WebSocket client library rather than being an identifier unique to this app.
That’s all I was able to get from this app. I’m happy to have your thoughts and contributions.
As a 2nd-year BCA student, I’m still learning, so please forgive any mistakes in my analysis! This was an interesting experience to see how scammers play on trust and urgency to steal personal information.
Never download APKs from unverified sources.
Check app permissions carefully. If something feels off, it probably is.
Always verify the sender’s authenticity.
This investigation was a reminder of how convincing phishing scams can be. Always verify messages, avoid downloading third-party APKs, and question anything that seems too good to be true. Stay curious!
Thank you for reading!
Adarsh SR
From these, I found the GitHub account interesting, so I visited it: