The Indian Cybercrime Coordination Centre (I4C) under the Ministry of Home Affairs has issued a formal notice to Google, flagging three Firebase-hosted domains that were allegedly used to steal sensitive personal and financial data from Android users through malware disguised as legitimate banking services.
Firebase is a mobile and web application development platform provided by Google. It offers a suite of tools and services that help developers build, improve, and scale their apps.
The notice, from June, was sent according to Section 79(3)(b) of the Information Technology Act, 2000, and Rule 3(1)(d) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Moneycontrol has seen a copy of the notice.
It directed Google to disable access to the identified domains within 36 hours of receipt of the communication, without tampering with potential evidence.
The URLs in question, all hosted on Google’s Firebase real-time database infrastructure, were found to be used in Android-based malware operations, according to I4C’s Threat Analysis Unit, the notice said.
The malware, I4C said, was being promoted as new credit card offers, reward redemptions, or credit limit upgrades.
Once installed, the app would collect SMS messages and other sensitive information, including credit card credentials, and transmit the data to Firebase servers controlled by the attackers, the notice added.
“This constitutes a violation of the IT Act, 2000 (Sections 43, 66, 66C) and multiple provisions under the Bharatiya Nyaya Sanhita, 2023 (Sections 61, 316(2), 318(4), and 340(2)),” the notice said, adding that failure to act promptly could result in Google losing the safe harbour protections typically granted to intermediaries.
The takedown notice comes amid a surge in financial cyber crimes in India, particularly those targeting mobile users through phishing apps, fake investment schemes, and digital loan scams.
The I4C, which functions as the nodal body for coordinating cybercrime response across India, and has stepped up its oversight of cloud-based infrastructure being misused by cybercriminals.
Moneycontrol has reached out to Google for comment on whether the domains have been taken down and what measures the company has in place to detect and mitigate abuse of its cloud platforms.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
