We are all aware of various types of scams and malwares. Recently, the Ministry of Electronics and Information Technology (MEITY) has issued a warning related to banking scam to all android phone users.
Let’s get to know more about this issue.
As per the sources the Indian Computer Emergency Response Team (CERT-In) warned the android phone users about a malware named Drinik which focuses on stealing your login details required for online banking. Around 27 banks including major public sector and private sector banks are targeted.
The Drinik malware has existed since 2016 and now has taken the form of banking Trojan. The malware was used to steal customer data and SMS was sent to the customer masquerading as Income Tax Refund. This kind of attack usually results in major financial frauds.
The banking Trojan demonstrates Phishing Screen and mislead the users to enter sensitive banking details, CERT-In stated.
The process of scam explained by CERT-In is as follows, initially victim will receive an SMS providing link to a phishing website which might seem very similar to the Income Tax Department website and then persuade them to enter their personal banking detail asking to download and install suspicious APK file which can facilitate complete verification.
It also mentioned that, the malicious android app masquerades as the Income Tax Department app and soon after the installation the app requests the users to grant required permissions to access SMS, contact details, call logs etc. Incase of users denial to enter any information on the website, the same screen with the form is projected in the android application and the users are asked to fill in order to proceed.
The sensitive data includes user’s personal details like full name, date of birth, mobile number, email id, address, Aadhar number, PAN and bank details like account number, IFSC code, CIF number, debit card number, expiry date, CVV and PIN. After providing these details the users may see an application stating that there is refund amount which could be transferred to the customer’s bank account.
Later, on entering the amount and taping “Transfer”, the application shows an error and presents a fake update screen.The screen for installing update is shown, meanwhile Trojan in the backend sends all the victims informations such as SMS and contact details to the attackers machine.
The attackers use these details to generate a bank specific mobile banking screen and send it on the user’s device, after which the user is asked to enter the mobile banking details which are stolen by attackers.
As per the advisory recommendation, these kind of frauds and attacks can be avoided by downloading apps from official app stores, installation of proper android updates and patches, using safe browsing tools, beware of links provided in the message and also before sharing credentials try to find valid encryption certificates by checking the green lock in the browser’s address bar.
Make sure to report to your bank and complain to CERT-In through email@example.com. When you observe an unusual activity in your account.