Pulse Detail — Threat Intelligence

● 0 online

ANALYZING THREAT INTELLIGENCE

PULSE NAME

KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft

WHITE Tr1sa111 2026-04-30 Modified: 2026-04-30

9

IOCs

LOW VOLUME

↓ CSV ↓ JSON

india targeting android banking trojan otp theft vpn manipulation kycshadow whatsapp distribution firebase c2 credential theft sms interception

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

KYCShadow

Indicators of Compromise (1 / 9 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	3da35272ad6d280d3388d57bdbf61b9c	—	2026-04-30

References (1)

↗ https://www.cyfirma.com/research/kycshadow-an-android-banking-malware-exploiting-fake-kyc-workflows-for-credential-and-otp-theft/