News

Bank customers, take note: RBI warns of mobile data theft by ‘AnyDesk’ app

Amid rising instances of fraud using the Unified Payment Interface (UPI) platform, the Reserve Bank of India has cautioned all banks and payment system operators about a new modus operandi allegedly used by scammers to target customer phones.

In an alert dated February 14, the cybersecurity and IT examination cell of the central bank said that a mobile application called ‘AnyDesk’ was allegedly being used by fraudsters to access data on mobile devices. Once the app is installed on customer phones, it seeks permission to access controls of the phone, like all other applications.

Access data
After installing this in the phone, it asks permission to access the data from the customer. According to the Central Bank’s IT Examination Cell, after installing this app, fraudsters will have complete control over the data of the mobile user.

Remote control application
‘Anydesk’ is a remote control application. It works to connect one device to another device. People who have more movement from one place to another, they mostly use it.

The circular read that an app code (nine-digit number) would be generated and once the fraudster inserts this code, he/she would ask the victim to grant permission. Post this, the fraudster will get full access to the victim’s device. The app then allegedly proceeds to steal confidential data on the phone to carry out fraudulent transactions via other payments apps.

In its alert, the RBI said that it had sent out a similar advisory on January 10. Officials say the circular was originally issued by National Payments Commission of India (NPCI) to ensure that genuine makers of payments applications put some controls on the kind of data they access on customer phones. Data on the NPCI website shows that between April 2018 and January 2019, the UPI platform saw 388 crore transactions worth over Rs 6.4 lakh crore.

 

Source:- financialexpress