Cybersecurity Alert: New Malware Targets Indian Banking Apps

New Delhi, March 21, 2026 – A critical cybersecurity threat has been identified targeting Indian banking applications on Android devices. News Reporter Live has learned that a sophisticated new malware, dubbed 'IndusRAT,' is actively circulating, posing a significant risk to millions of users across the country. This malicious software is designed to steal banking credentials, intercept SMS-based OTPs, and gain complete control over infected devices. The Indian Computer Emergency Response Team (CERT-In) issued an advisory earlier today, urging users to exercise extreme caution and update their security software immediately.

The IndusRAT malware reportedly disguises itself as a legitimate system update or a popular utility application. Once installed, it requests extensive permissions, including access to SMS messages, contacts, and device storage. Granting these permissions allows the malware to monitor incoming SMS messages for OTPs, which are then used to authorize fraudulent transactions. Furthermore, IndusRAT can remotely control the infected device, enabling attackers to access sensitive data and perform other malicious activities. The scale of this attack could be enormous and cause substantial financial losses across the country, officials warn.

IndusRAT: How to Protect Your Banking Data

Cybersecurity experts are advising users to take the following precautions to protect themselves from IndusRAT:

• Only download apps from trusted sources: Stick to the Google Play Store and carefully review app permissions before installation.
• Enable Google Play Protect: This built-in security feature scans apps for malicious behavior.
• Be wary of suspicious SMS messages and emails: Do not click on links or download attachments from unknown senders.
• Use a strong and unique password for your banking apps: Avoid using the same password for multiple accounts.
• Enable two-factor authentication (2FA) wherever possible: This adds an extra layer of security to your accounts.
• Keep your device's operating system and security software up to date: Security updates often include patches for known vulnerabilities.

Comparing IndusRAT to Previous Threats

This isn't the first time Indian banking customers have been targeted by sophisticated malware. In the past, threats like 'Anubis' and 'Cerberus' have also caused significant damage. However, reportersays IndusRAT appears to be more targeted and sophisticated in its approach, making it particularly dangerous. "IndusRAT demonstrates a clear understanding of the Indian banking ecosystem and user behavior," said cybersecurity analyst Rohan Sharma, speaking to News Reporter Live. "Its ability to intercept SMS OTPs and gain remote control of devices makes it a potent threat." Compared to earlier malware, IndusRAT uses advanced obfuscation techniques to avoid detection. This makes it harder for antivirus software to identify and remove the malware from infected devices, leading to a longer infection period and potentially more damage.

Availability and Impact in India

The IndusRAT malware is currently circulating widely in India. CERT-In has been working with banks and telecom operators to identify and block malicious domains and IP addresses associated with the malware. However, users are urged to remain vigilant and take proactive steps to protect their devices. Financial institutions are also ramping up their security measures, including implementing stricter fraud detection systems and enhancing customer awareness campaigns to educate users about the dangers of mobile malware and phishing attacks. "The Reserve Bank of India is closely monitoring the situation and working with banks to ensure the safety and security of the financial system," stated a source within the RBI, speaking on condition of anonymity.

The impact of IndusRAT could be severe, potentially leading to significant financial losses for individuals and businesses. Moreover, the malware's ability to steal personal data raises serious privacy concerns. Users are advised to regularly check their bank accounts for any suspicious activity and report any unauthorized transactions immediately. The CERT-In helpline is available 24/7 to assist users with reporting incidents and providing guidance on security best practices. You can also use an EMI Calculator to plan your finances in case of unforeseen losses.