The Indian Computer Emergency Response Team (CERT-In) has released an advisory about a recently identified Android malware called Drinik. The malware is reported to be targeting Indian bank users by masquerading as Income Tax refunds.
CERT-In has observed that bank customers in the country are being targeted by a new mobile banking malware campaign using the Drinik Android malware. This is a type of attack used to gain access to the victim’s personal or bank details.
According to CERT-In, the victim receives an SMS containing a link to a phishing website that imitates the Income Tax Department website. When the victim lands on the website, he/she is asked to enter personal information and then to download and install a malicious APK file in order to complete verification.
After installation, the app (which masquerades as the Income Tax website) asks for permission to access SMS, call logs, contacts and more. According to the Government, if the victim did not enter any information on the website pretending to be that of the IT department, the same form is displayed inside the application and the user is asked to fill it in to proceed.
The requested information includes full name, PAN, Aadhaar number, address, DOB, mobile number and email address. The app also asks for financial details such as A/C number, IFSC code, CIF number, debit card number, expiry date, CVV and PIN. Once it has gathered all of this information, the app states that there is a refund amount that can be transferred to the user’s bank account.
The moment the victim enters the amount and clicks on Transfer, the app shows an error and displays a fake update screen. While the screen for installing updates is shown, the Trojan in the backend sends all the user details, including SMS and call logs, to the attacker’s device. The attacker then uses these details to generate a bank-specific mobile banking screen and render it on the user’s device. The victim is then asked to enter mobile banking credentials, which are captured and used by the attacker.
To protect yourself from such frauds, avoid downloading potentially harmful apps by limiting your download sources to official app stores like Google Play and Apple Store. Always check the user reviews, app details, number of downloads and comments before you download any app.
Also, verify app permissions and grant only those that are relevant to the purpose of the app. Avoid checking the Untrusted Sources checkbox to install sideloaded apps. Always consider using safe browsing tools, the filtering tools in your antivirus, a firewall and filtering services. Be cautious about shortened URLs such as bit.ly and TinyURL.
You can always hover your cursor over a shortened URL to see the full website domain before clicking on the link. If something like this does happen to you, immediately report it to the respective bank with the relevant details so that further appropriate action can be taken.
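The permission advice above can be turned into a quick check on a decoded (plain-text) `AndroidManifest.xml`. The sketch below is an added example, not code from CERT-In or from the malware; the sample manifest, the package name `com.example.refundhelper`, the `review` helper and the two-group threshold are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups named in the advisory (SMS, call logs, contacts),
# mapped to the standard Android permission strings.
SENSITIVE = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "contacts": {"android.permission.READ_CONTACTS"},
}

# Constructed sample manifest (hypothetical package), not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.refundhelper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Refund Helper"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names


def review(manifest_xml, expected_groups=frozenset()):
    """Flag sensitive permission groups the app's stated purpose does not explain."""
    requested = requested_permissions(manifest_xml)
    found = {group: sorted(requested & perms)
             for group, perms in SENSITIVE.items() if requested & perms}
    unexpected = sorted(group for group in found if group not in expected_groups)
    # Assumption: two or more unexplained groups is the review threshold.
    return {"found": found, "unexpected": unexpected, "flag": len(unexpected) >= 2}


if __name__ == "__main__":
    print(review(SAMPLE_MANIFEST))
```

Pass `expected_groups` for apps whose purpose legitimately needs a group, for example `{"sms", "contacts"}` for a messaging app, so that only unexplained requests are flagged.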
According to CERT-In, Drinik started as a primitive SMS stealer and has now evolved into a banking trojan that displays phishing screens and persuades users to enter sensitive banking information.
Customers of more than 27 Indian banks including major public and private sector banks have already been targeted by the Drinik Android malware.