Last updated on 09/24/2021, 2:01 pm
The Indian Computer Emergency Response Team (CERT-In), the Indian government’s cybersecurity agency, has warned of a possible threat to Android users.
A piece of malware called Drinik has been discovered in the wild that tries to steal money and sensitive banking information from the victim under the pretext of generating income tax refunds.
Customers of over 27 Indian banks have already been victims.
Here are more details.
Malicious app and website masquerading as offers from the income tax department
In an advisory published online, CERT-In found that the bad guys behind this Android malware are essentially running a good ol' phishing scam. The victims receive a text message with a link to a malicious website that looks like the portal of the income tax authority.
The website reportedly looks for personal information and then prompts the victim to download an Android app riddled with the Drinik malware.
Malicious app seeks access to call logs, SMS
The unsuspecting victim is asked to download and install the malicious app on the pretext of completing the verification. Once installed, this app, which looks like something from the income tax department, will request access to the necessary device permissions like SMS, call logs, contacts, etc.
The same malicious website screen will appear and the user will be prompted for all the details to proceed.
App steals sensitive banking information including PIN, CVV
The form in the app records the victim's full name, PAN, cell phone number, Aadhaar number, address, date of birth and email address. It also collects financial details like account number, IFSC code, CIF number, debit card number, expiration date, CVV and PIN.
The app then claims that the victim is entitled to a tax refund that could be transferred to their bank account.
Attackers generate bank-specific screens for the victim
The moment the victim taps the Transfer button, the app indicates that it has encountered an error and displays an update screen. In the background, the Drinik Trojan sends all the collected data, call logs and SMS to the attacker.
The attacker uses this information to generate a bank-specific mobile banking screen for the victim. Here the victim is asked to enter their mobile banking details.
CERT-In warns that this could lead to major financial fraud
Apparently, the mobile banking data is also passed on to the attacker, thereby compromising the security of the victim’s identity and bank account. CERT-In warned that this could lead to major financial fraud.
In its recommendation, CERT-In stated that the best way to avoid such malware is to only download apps from reputable sources such as the Google Play Store and the Apple App Store.