PULSE NAME
KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft
WHITE Tr1sa111 2026-04-30 Modified: 2026-04-30
9 IOCs, LOW VOLUME
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
KYCShadow
Indicators of Compromise (2 / 9 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA1 0a467a2c936734affc8d796a4e468543b9d182e7 2026-04-30
FileHash-SHA1 10bd31f7d0e47f8c24f58cac962036d342d57057 2026-04-30