Zimperium’s Comprehensive Protection Against Fake SBI Reward Banking Trojan

Share this blog

Malwr Analysis recently reported on a banking trojan campaign that disguises itself as a State Bank of India (SBI) rewards app. Delivered via WhatsApp, the malware tricks users into downloading an APK that steals sensitive banking credentials and other personal information. This campaign highlights the ongoing threat of banking trojans targeting users through trusted platforms and impersonating legitimate brands to gain access to financial data.

Zimperium’s Mobile Threat Defense (MTD) solution provides robust, zero-day protection against these threats. Using advanced on-device machine learning classifiers, Zimperium detects and blocks malicious apps like the fake SBI rewards APK before they can compromise user devices. For organizations developing financial or other sensitive applications, integrating Zimperium’s Mobile Apps Protection Suite (MAPS) offers an additional layer of defense. This SDK ensures app integrity, prevents tampering, and safeguards sensitive user data, helping organizations proactively mitigate the risks posed by sophisticated banking trojans. 

Beyond detection, Zimperium’s proactive threat intelligence efforts have identified 86 additional malicious apps and 5 domains associated with this campaign. These findings are included in a list of Indicators of Compromise (IOCs) in the following link

Banking trojans are a growing concern for financial institutions and users alike. By leveraging Zimperium’s solutions, organizations and individuals can stay protected against these evolving threats. For more details on this campaign, read Malwr Analysis’s report here.

Avatar photo
Security Research. View the author's experience and accomplishments on LinkedIn.