Sophisticated malware found posing as Indonesia’s digital ID app

Cybersecurity researchers have discovered a malware app designed to steal financial data, which disguises itself as Indonesia’s national digital identity platform, Identitas Kependudukan Digital (IKD).

The malware app, named Android/BankBot-YNRK, was found circulating online outside of the official Google Play app store, posing as an APK file of the digital ID platform. Once a user installs it, the app will start exploiting Android permissions to gain access to sensitive data, targeting banking and cryptocurrency apps.

According to an investigation from cybersecurity firm Cyfirma, the Trojan operates stealthily by leveraging its permissions to observe what appears on screens, simulate button presses and automatically complete forms as if acting on the user’s behalf. It also transmitted device details, location data and a list of installed applications back to the attackers.

“Overall, Android/BankBot-YNRK exhibits a comprehensive feature set aimed at maintaining long-term access, stealing financial data and executing fraudulent transactions on compromised Android devices,” says Cyfirma.

The harmful application takes advantage of Android’s overlay capability to present counterfeit login pages over genuine banking and wallet applications. Once users input their login information, it gets sent straight to cybercriminals.

To cover their tracks, attackers would send real-time instructions to the smartphone, such as avoiding antivirus tools or erasing data. The Trojan also suppressed notification and sounds to avoid alerting its users.

Currently, it is unclear how many users installed the illegitimate app.

Identitas Kependudukan Digital (IKD), or Digital Population Identity, was developed by the Directorate General of Population and Civil Registration (Dukcapil) and launched in 2023. As of December 2024, 18 million people have signed up for IKD, while the Indonesian government has been trying to boost the number of digital ID users.

Article Topics

Android  |  cybersecurity  |  digital ID  |  Identitas Kependudukan Digital (IKD)  |  Indonesia  |  malware  |  mobile app