Google Pay SMS verification auto-forwarding to random numbers: is this malware or normal?

Understanding Unusual SMS Behavior During Google Pay Setup: Malware or Normal Functionality?

With the proliferation of digital payment platforms like Google Pay (GPay), users encounter a number of verification steps and notifications during account setup and transaction confirmation. Recently, users have reported what looked like suspicious outbound SMS activity during GPay setup, especially on new devices. This article examines that scenario, explains what is and is not expected behaviour, and gives guidance on protecting your financial information.

The Scenario: Unexpected SMS Forwarding During UPI Registration

A user recently configured GPay on a newly acquired device, attempting to link their SBI bank account via the UPI registration process. During this setup, they observed two distinct types of SMS messages:

  1. Authentic Bank Alerts: Genuine UPI OTPs and transaction alerts arrived inbound from registered bank sender IDs such as VM-CANBNK-S or AD-HDFCBK-S. Inbound messages from alphanumeric headers of this kind are the normal channel for OTPs and are not the concern here.

  2. Coded SMS Sent to Unknown Numbers: At the same time, messages the user could not read (described as encrypted; from the handset alone one can only say they were opaque) were sent from the device to multiple unfamiliar mobile numbers (e.g., +91 74283 94115, +91 75068 94867) without the user initiating or noticing them. These outbound messages contained no OTP or readable text.

Dialing *#21# showed no active call forwarding. That code only asks the network whether unconditional call forwarding is set; it says nothing about messages an app on the handset itself sends, so a clean result does not rule out an app as the source. The outbound messages therefore originate from software on the device, which leaves the question of which app sent them and whether the sends were legitimate.

Key Questions Arising from the Observation:

1. Is this behavior typical of GPay or UPI-related apps?

UPI registration does involve one outgoing SMS from the handset: the device-binding step sends an encoded message from your SIM so the bank can tie your mobile number to this particular device, which is why GPay asks for SMS permission and warns that standard SMS charges apply. A single opaque message sent at the moment you tap through setup is therefore expected. What standard operation does not include is repeated coded messages, messages to several different numbers, or sends that continue after registration is complete. Inbound OTPs and transaction alerts are received directly from the bank's sender ID and are never relayed onward by the app.

2. Could this be malware or a security breach?

Before concluding malware, rule out the one legitimate case: a single binding SMS per registration attempt, timestamped when you tapped through setup. Outbound coded messages that fall outside that pattern (several recipients, repeats, or sends while you were not using the app) are red flags. SMS-stealing malware and rogue apps that hold the SMS permissions can read incoming OTPs and forward them, or exfiltrate other data, without the user's consent, and an attacker who can read your OTPs can complete registration and account-linking steps in your name.

3. How can users identify the responsible app or process?

To diagnose this issue:

  • Review installed applications for any unfamiliar or suspicious apps, paying particular attention to anything sideloaded outside the Play Store.
  • Check which apps hold the SMS permissions (Settings > Apps > Permissions > SMS) and which app is the default SMS handler; only your messaging app and the payment app you were setting up have a reason to send SMS.
  • Use device security tools or antivirus
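The permission review and a look at the phone's sent box can be done from a laptop over adb instead of tapping through settings. The script below is an added example for this article, not code from the article's author or from Google. It assumes USB debugging is enabled, `adb` is on PATH, and the device's shell user is allowed to read the SMS content provider (true on many builds, not guaranteed on all). The embedded `dumpsys package` and `content query` samples are constructed and abbreviated; the package names in them are illustrative, and the phone numbers are the two quoted above.

```python
"""Triage helper for "my phone is sending SMS on its own": list the apps that
hold SEND_SMS and summarise outbound messages to numbers you never texted.

Added example for this article, not Google's or the article author's code.
Assumes an Android phone with USB debugging on, `adb` in PATH, and a build on
which the shell user may read content://sms (an assumption, not guaranteed).
"""
import re
import subprocess
from typing import Dict, Iterable, List

# Constructed, abbreviated sample of `adb shell dumpsys package` output.
# Package names are illustrative; real output is far longer.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.google.android.apps.nbu.paisa.user] (a1b2c3):
    userId=10123
    runtime permissions:
      android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.flashlight] (d4e5f6):
    userId=10150
    runtime permissions:
      android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
  Package [com.android.chrome] (f7g8h9):
    userId=10100
    runtime permissions:
      android.permission.SEND_SMS: granted=false, flags=[ USER_SET ]
"""

# Constructed sample of `adb shell content query --uri content://sms/sent
# --projection address:date:body`. Bodies are made-up token-like strings.
SAMPLE_SENT = """\
Row: 0 address=+917428394115, date=1700000000000, body=AAECAwQFBgcICQoLDA0ODxAREhMUFRYX
Row: 1 address=+917506894867, date=1700000060000, body=GBkaGxwdHh8gISIjJCUmJygpKissLS4v
Row: 2 address=+917428394115, date=1700003600000, body=MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZH
Row: 3 address=+919999999999, date=1700007200000, body=See you at 7
"""

PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")
ROW_RE = re.compile(r"^Row: \d+ address=([^,]+), date=(\d+), body=(.*)$")


def packages_with_permission(dumpsys_text: str,
                             perm: str = "android.permission.SEND_SMS") -> List[str]:
    """Packages whose runtime permission `perm` is currently granted."""
    holders, current = [], None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = PERM_RE.match(line)
        if m and current and m.group(1) == perm and m.group(2) == "true":
            holders.append(current)
    return holders


def looks_opaque(body: str) -> bool:
    """Heuristic for a machine token: no spaces, only base64/hex characters.
    A message typed by a person almost always contains a space."""
    return " " not in body and re.fullmatch(r"[A-Za-z0-9+/=_-]{16,}", body) is not None


def suspicious_outbound(sent_text: str, known_contacts: Iterable[str] = ()) -> Dict[str, dict]:
    """Group the sent box by recipient and keep recipients that are not in the
    user's contacts and received at least one opaque (token-like) message."""
    known = set(known_contacts)
    per_number: Dict[str, List[str]] = {}
    for line in sent_text.splitlines():
        m = ROW_RE.match(line)
        if m:
            addr, _date_ms, body = m.groups()
            per_number.setdefault(addr, []).append(body)
    flagged = {}
    for addr, bodies in per_number.items():
        opaque = sum(1 for b in bodies if looks_opaque(b))
        if addr not in known and opaque:
            flagged[addr] = {"count": len(bodies), "opaque": opaque}
    return flagged


def adb_shell(*args: str) -> str:
    """Run a command through `adb shell` and return its stdout."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    # Live run against the connected phone; use the SAMPLE_* strings to try offline.
    dumpsys = adb_shell("dumpsys", "package")
    sent = adb_shell("content", "query", "--uri", "content://sms/sent",
                     "--projection", "address:date:body")
    print("Apps that can send SMS:", packages_with_permission(dumpsys))
    for addr, info in suspicious_outbound(sent).items():
        print(f"{addr}: {info['count']} sent, {info['opaque']} opaque")
```

One opaque message to one number, timestamped at the moment you tapped through UPI setup, is the binding SMS and is expected. The script exists to spot the other pattern, repeat sends or sends to several numbers, and to name the packages that were in a position to make them. Revoke SEND_SMS from anything in the first list that has no business sending texts (Settings > Apps > the app > Permissions), then run it again.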
