A severe wave of banking malware is circulating via WhatsApp in India and the GCC region. The scam involves a message promising “New Year Gifts” or “Customized 2026 Greetings” that asks users to download an APK file. Once installed, the malware grants itself SMS and Notification permissions to intercept OTPs and drain bank accounts.
Business Impact
This poses a significant risk to employees using personal devices for work (BYOD). The malware can intercept corporate 2FA codes and steal contacts, leading to potential organizational breach or “CEO Fraud” attempts using the compromised employee’s identity.
Why It Happened
Attackers are exploiting the “festive urgency” and the high volume of media sharing on NYE. The malware masquerades as a legitimate greeting app but operates as a Trojan in the background.
Recommended Executive Action
Issue an urgent “Do Not Click” SMS/WhatsApp alert to all staff immediately. Remind them that no legitimate greeting requires an APK installation. Advise anyone who clicked to enable “Airplane Mode” and factory reset their device immediately.
Hashtags: #WhatsAppScam #NewYear2026 #MobileSecurity #BankingFraud #AndriodMalware #InfoSec