In response to the rising menace of fraudulent activities using the Unified Payment Interface (UPI) platform, the Reserve Bank of India (RBI) has warned all banks and payment system operators pertaining to a new modus operandi allegedly used by hackers for targeting customer phones.
In an alert notification issued on 14 February, the cybersecurity and IT examination cell of the RBI said that a mobile application named ‘AnyDesk’ was allegedly being instigated by fraudsters for accessing data on mobile devices.
Like all other applications, this one too asks permission for accessing the customers’ phone just after the app’s installation.
Once the app is installed on customer phones, it seeks permission to access controls of the phone, like all other applications.
“An app code (nine-digit number) would be generated and once the fraudster inserts this code, he would ask the victim to grant permission. Post this, the fraudster will get full access to the victim’s device,” said the circular.
After installation and accessing the information, the application then proceeds towards stealing confidential data on the phone for carrying out fraudulent transactions via other payments apps.
A similar notification pertaining to the application was sent out by the Central bank on January 10
According to National Payments Corporation of India (NPCI), between April 2018 and January 2019, the UPI platform reported 388 crore transactions worth over Rs 6.4 lakh crore.