Malware Alert for Android Users! Trojan masquerading as an income tax refund targets customers of 27 Indian banks

A Trojan has been detected that is attacking Indian bank customers using Android phones. The malware has already attacked customers of 27 public and private sector banks, the Indian Computer Emergency Response Team (CERT-In) has said in its latest advisory.

Malware is software that is designed to harm computer systems. CERT-In said Tuesday that the new malware masquerading as an “income tax refund” could “effectively jeopardize the privacy of sensitive customer data and lead to large-scale attacks and financial fraud”.

CERT-In said customers were being targeted by the Drinik Android malware. “Drinik started out in the year 2016 as a primitive SMS stealer and has recently evolved into a banking Trojan that displays phishing screens and persuades users to enter sensitive banking information,” it told PTI.

CERT-In is the federal technology arm for preventing cyber attacks and protecting Indian cyberspace against malware, hacking attacks and similar online attacks. The CERT-In advisory describes the attack process and how customers can be protected.

The victim first receives an SMS with a link to a website, similar to the website of the Income Tax Department, where they are asked to enter their personal information and download the malicious APK file to complete the verification.

“This malicious Android app masquerades as an Income Tax Department app and after installation, the app asks the user to give necessary permissions like SMS, call logs, contacts, etc.,” the CERT-In advisory said. “If the user does not enter any information on the website, the same screen with the form is displayed in the Android application and the user is asked to fill in to proceed,” it added.

The data the user is asked to enter includes PAN, Aadhaar number, address, date of birth, mobile number, email address, IFSC code, debit card number and CVV, among other details.

When the user enters the amount and clicks “Transfer”, the app shows an error and then displays a fake update screen.

“While the screen for installing the update is shown, the Trojan in the backend sends user details including SMS and call logs to the attacker’s machine,” it said.

It said, “These details are used by the attacker to create a bank specific mobile banking screen and present it on the user’s machine. The user is then requested to enter the mobile banking credentials which are captured by the attacker.”

CERT-In has asked users to immediately report any unusual activity in their account to their bank. Users can also send complaints to CERT-In at incident@cert-in.org.in.
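
The advisory says the app asks for SMS, call log and contacts permissions after installation. The following is an added example, not part of the CERT-In advisory or the original article: a triage check over a decoded AndroidManifest.xml that flags an app requesting all three groups together. The package names and sample manifests are constructed for illustration, and the mapping of the advisory's wording to specific Android permission names is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups named in the advisory: SMS, call logs, contacts.
# Mapping to concrete permission names is an assumption of this example.
ADVISORY_GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "contacts": {"android.permission.READ_CONTACTS"},
}

def triage(manifest_xml):
    """Report which advisory permission groups a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                requested.add(name.strip())
    hits = {group: sorted(requested & names)
            for group, names in ADVISORY_GROUPS.items() if requested & names}
    return {
        "package": root.get("package"),
        "permissions": hits,
        # Flag only when every group from the advisory is requested together.
        "flag": set(hits) == set(ADVISORY_GROUPS),
    }

def _manifest(package, permissions):
    """Build a constructed sample manifest (not taken from any real app)."""
    lines = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{lines}</manifest>')

# Constructed samples: hypothetical package names and permission sets.
SUSPECT = _manifest("com.example.taxrefund",
                    ["INTERNET", "READ_SMS", "RECEIVE_SMS", "READ_CALL_LOG", "READ_CONTACTS"])
BENIGN = _manifest("com.example.notes", ["INTERNET", "READ_CONTACTS"])

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage(sample))
```

A flag is a prompt for closer review, not a verdict, since legitimate dialer and messaging apps request the same permission groups.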
