The phishing (a social engineering computer virus attack to steal personal data) malware is posing as an “income tax refund”, CERT-In’s advisory issued on Tuesday said, and it could “effectively jeopardize the privacy of sensitive customer data and lead to large-scale attacks and financial fraud”.
“It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Drinik Android malware,” it said.
“Drinik started out in the year 2016 as a primitive SMS stealer and has recently evolved into a banking Trojan that displays phishing screens and persuades users to enter sensitive banking information,” it said.
CERT-In said that customers of over 27 Indian banks, including major public and private sector banks, have already been targeted by the attackers.
The Indian Computer Emergency Response Team or CERT-In is the federal technology arm for combating cyber attacks and protecting cyberspace against phishing and hacking attacks and similar online attacks.
The advisory describes the process of the attack.
It added that the victim receives an SMS containing a link to a phishing website (similar to the Income Tax Department website), where they are asked to download and install a malicious APK file to enter personal information and complete verification.
“This malicious Android app masquerades as an Income Tax Department app and after installation, the app asks the user to give necessary permissions like SMS, Call Log, Contacts, etc.”
“If the user does not enter any information on the website, the same screen along with the form is displayed in the Android application and the user is asked to fill in to proceed,” it said.
The data to be filled in includes full name, PAN, Aadhaar number, address, date of birth, mobile number, email address and financial details such as account number, IFS code, CIF number, debit card number, expiry date, CVV and PIN.
Once these details are entered by the user, the application states that there is a refund amount that can be transferred to the user’s bank account.
When the user enters the amount and clicks “Transfer”, the application shows an error and displays a fake update screen.
“While the screen for installing the update is shown, the Trojan in the backend sends user details including SMS and call logs to the attacker’s machine,” it said.
“These details are used by the attacker to create a bank specific mobile banking screen and present it on the user’s machine. The user is then requested to enter mobile banking credentials which are captured by the attacker.”
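As an added illustration (not part of the CERT-In advisory or this report), the sketch below shows how a defender could triage a decoded `AndroidManifest.xml` for the pattern described above: an app labelled as a tax refund tool that requests SMS, Call Log and Contacts access. The lure keywords, the package names and both sample manifests are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
LABEL = f"{{{ANDROID_NS}}}label"
# Android permission names, grouped by the data types the advisory lists.
GROUPS = {
    "SMS": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "Call Log": {"READ_CALL_LOG"},
    "Contacts": {"READ_CONTACTS"},
}
# Assumption: words an analyst would treat as a tax-refund lure in the app label.
LURE_WORDS = ("income tax", "refund")

def triage_manifest(xml_text):
    """Report which sensitive permission groups are requested and whether the label is a lure."""
    root = ET.fromstring(xml_text)
    # Limitation: a label given as a resource reference (@string/...) is not resolved here.
    requested = {
        el.get(NAME, "").rsplit(".", 1)[-1]
        for el in root.iter("uses-permission")
    }
    hits = sorted(g for g, perms in GROUPS.items() if perms & requested)
    app = root.find("application")
    label = (app.get(LABEL, "") if app is not None else "").lower()
    lure = any(word in label for word in LURE_WORDS)
    return {
        "package": root.get("package", ""),
        "groups": hits,
        "lure_label": lure,
        "suspicious": lure and len(hits) == len(GROUPS),
    }

# Constructed sample manifests (not taken from any real APK).
SAMPLE_LURE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.refund">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Income Tax Refund"/>
</manifest>"""

SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(triage_manifest(sample))
```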
The advisory recommends certain counter-measures to protect against such attacks and malware, such as always downloading apps from the official App Store, installing appropriate Android updates and patches, using Safe Browsing tools as and when available, doing extensive research before clicking on links in messages, and looking for valid encryption certificates by checking the green lock in the browser’s address bar before sharing sensitive personal data.
It also asked users to immediately report any unusual activity in their account to their bank and send a complaint to CERT-In at incident@cert-in.org.in.