For the past couple of years, many people particularly in India, have embraced cashless transaction for paying services such as food, petrol and sundries using Unified Payment Interface (UPI)-based mobile apps. But, there is also a rise in cases of citizens losing money through phishing technique and malware in apps. In the latest development, the country's finance regulatory body Reserve Bank of India (RBI) has warned users to refrain from installing a cross-platform 'AnyDesk' app, as it is a serious flaw that leaves bank account empty before customers could realise what just happened to them
For those unaware, AnyDesk app allows users to access remote desktop screen on their mobile phones. It is available in iOS, Android and even web app versions for Microsoft Windows and Apple Mac PCs. But, it has come to the notice of RBI that cybercriminals are using the AnyDesk app to syphon-off consumer's money in the bank.
"An app code (nine-digit number) would be generated and once the fraudster inserts this code, he would ask the victim to grant permission. Post this, the fraudster will get full access to the victim's device," RBI's Cybersecurity & IT Examination cell said in the press note.
Apparently, hackers upload a remote execution code to the victim's PC and mobiles and later it asks the consumer to grant certain permissions to access SMS, call log and other sensitive folders of the phone. For many, this is a normal procedure, as many apps do ask similar permissions, but this app is very dangerous. Once they gain access, they go on to steal all financial related details on e-commerce or UPI apps in the mobile.
With recovered data, hackers will carry out transactions through mobile banking app or payment-related apps, including UPI or wallets. Since they can view the OTP (One Time Password), they can carry out multiple transactions and leave you penniless in quick time. Already several people have unknowingly granted them access and lost their savings.
Considering the severity of the issue, RBI has already warned banks to convey messages to their respective customers and uninstall the 'AnyDesk' app.
Here's how to protect your smartphones from malware and adware:
- Always keep your smartphone updated to the latest firmware. Most companies in collaboration with Google send software updates — especially security patches on a priority basis and always make sure to update them immediately
- Make sure to use premium Antivirus software, which also provides malware protection and internet security
- Always switch on Google Play Protect on your Android phone. Go to Google Play >> Select Play Protect >> enable both – option 1: Scan device for security threat and option 2: Improve harmful app detection
- Never open emails sent from unknown senders
- Never install apps from unknown websites
- Never install apps from unfamiliar publishers even on Google Play store
- Never ever side-load apps from websites other than Google Play store on an Android phone.
- Always read user reviews before installing the apps from the Google Play store