RBI Alert : Do not download 'AnyDesk' app on your Mobile

If you are an e-wallet user or using any banking transaction through your mobile phone, then be alert. If you receive a message on social media platforms that asks you to download mobile app AnyDesk, it could be the handiwork of fraudsters trying to gain access to your mobile phone or laptop to make transactions using your bank account.

The scam works like this - Once downloaded, a 9-digit app code is generated on the user’s device and cybercriminals ask for the code to be shared pretending to be calling from the user’s bank.Once the hacker enters the code on his device, he gains access to the user’s device after a few permissions, not dissimilar from those sought by other apps. The fraudster can then extract details from the victim’s device to carry out transactions on the user’s device.

The Reserve Bank of India (RBI) has issued a warning against downloading the app as a few wrong moves and the user would have no control over his/her device. The cybercriminal could, from any part of the world, gain remote access to your device and wipe your back accounts clean.

With fraudulent transactions using UPI (Unified Payments Interface) platforms on the rise, the RBI has been taking measures to spread awareness among the people and warn them about various types of frauds.

A Bengaluru-based former bank official lost Rs 1 lakh after fraudsters gained access to his phone by getting him to download an app that allows for malicious access.

Narayan Hegde, a retired Syndicate Bank officer, was swindled after he installed the AnyDesk app. Hegde was an e-wallet user and needed help in restoring the app on his new phone. He called one of the numbers that showed up after an online search for the mobile wallet’s helpline. 

The party at the other end directed Hegde to download the AnyDesk app and asked him to forward a hashed string text that he received. Soon after he did this, money was withdrawn from his account in a series of debits. 

When he contacted his bank’s branch, he was informed that the money was transferred to an Aditya Birla Payments Bank account using the Unified Payments Interface (UPI) platform. While five transactions were made to withdraw Rs 1.24 lakh, the fraudsters were successful in debiting only Rs 1 lakh. However, Hegde received alerts for just two of the five transactions.

“Banks shouldn’t make their clients run around and should follow the RBI guidelines to pay up customers when they fall prey to such frauds. Even former bank employees are not spared,” said Prashant Mali, a cyber law expert and a Bombay high court lawyer. He added that the finance ministry should follow up with banks’ management teams for compliance with the RBI guidelines to compensate victims of such frauds.

Cybersecurity expert Srinivas Kodali, said in a report that downloading any unknown software or application could be harmful to the device. 

The bank's alert message sent on February 14 states that the app is being used by hackers to access banking details of users. The modus operandi of the app includes the use of the Unified Payment Interface (UPI) to steal the money. The fraudster first asks you to download the app. The app download request can come from either social media or from the Play Store/App store platforms. Once you have downloaded the app, the app will generate a nine-digit code on your device which will be used by the hacker to access the data and SMS service on your device. The hacker via this method can hack any mobile-banking or payment apps.

"Once a fraudster inserts this app code on his device, he will ask the victim to grant certain permissions, which are similar to what are required while using other apps,” reported by the RBI advisory.

Kindly do not install or download such spammer apps on your mobile, else you will loose your account information very soon.