Ensuring the security of a major Asian bank by addressing reward point scam applications leaking sensitive PII data
A major Asian bank
Banking
Asia
Reward Point Scam
Leakage of sensitive PII data through fraudulent reward point scam applications
CloudSEK XVigil discovered a widespread campaign of reward point scam applications targeting the BFSI sector and its customers. These applications lured victims into downloading a malicious .apk file that prompted them to enter credit card details, including the CVV and expiry date. The threat actors used Firebase databases to store the stolen data, which was then used to siphon off funds from the victims. The campaign was distributed through fake domains, phishing domains, and WhatsApp messages.
The exposed data could be exploited for financial fraud, identity theft, and other malicious activities. The availability of thousands of lines of sensitive data posed a serious risk to personal privacy and security, as well as the bank’s reputation.
The breach could lead to significant financial loss for the victims and damage the bank’s brand reputation.
CloudSEK XVigil promptly identified and secured the open Firebase instances, ensuring that the exposed data was removed and access was restricted.
Implementation:
Detection:
CloudSEK XVigil discovered the fraudulent reward point scam applications leaking sensitive PII data.
Threat Analysis:
• Identified the use of malicious .apk files prompting users to enter credit card details.
• Detected the use of Firebase databases to store stolen data and fake domains for distribution.
Immediate Actions:
• Secured open Firebase instances to prevent further data leakage.
• Removed exposed data and restricted access to sensitive information.
• Initiated awareness campaigns to educate customers about the fraud applications.
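As an added illustration of the misconfiguration behind "open Firebase instances" (not CloudSEK's or the bank's own configuration), the Realtime Database rules below show the hardened form of a database that would otherwise expose every record to anyone who knows the project URL. The `users/$uid` schema and the `cvv` field are assumed for the example; Firebase's rules editor accepts the `//` comments.

```json
{
  "rules": {
    // An open instance of the kind found in this campaign is typically
    // deployed with ".read": true and ".write": true at this level, which
    // lets any unauthenticated client dump or modify the whole database.
    // Deny everything by default; grant access only at specific paths below.
    ".read": false,
    ".write": false,
    "users": {
      "$uid": {
        // Each record is readable and writable only by the signed-in
        // Firebase user it belongs to (assumed schema for this example).
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid",
        "cvv": {
          // Card verification values must never be stored at rest, so any
          // write that includes this field, direct or nested, is rejected.
          ".validate": false
        }
      }
    }
  }
}
```

Rules are published from the Firebase console or with `firebase deploy --only database`; after deploying, an unauthenticated read of the database root should return a permission-denied error rather than data.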
Preventive Measures:
• Contacted affected individuals and provided countermeasures to protect their data.
• Enhanced monitoring of network traffic and database access to detect and prevent unauthorized access.
• Strengthened security policies and educated users on best practices for handling sensitive information.