Trojan posing as IT refund skulking to attack Android phone bank customers

PTI, Sep 22, 2021, 12:37 PM IST

Credit: iStock Photo (for representation)


A banking Trojan malware has been detected in the Indian cyberspace that is lurking to attack bank customers using Android phones and has already targeted those from more than 27 public and private sector banks, the country’s federal cyber security agency said in a latest advisory.

The phishing (a social engineering computer virus attack to steal personal data) malware is masquerading as an ”income tax refund” and it can ”effectively jeopardise the privacy of sensitive customer data and result in large-scale attacks and financial frauds”, the CERT-In advisory issued on Tuesday said.

”It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Drinik android malware,” it said.

”Drinik started as a primitive SMS stealer back in year 2016 and has evolved recently to a banking Trojan that demonstrates phishing screen and persuades users to enter sensitive banking information,” it said.

Customers of more than 27 Indian banks including major public and private sector banks have already been targeted by the attackers using this malware, the CERT-In said.

The Indian Computer Emergency Response Team or CERT-In is the federal technology arm to combat cyber attacks and guarding the cyber space against phishing and hacking assaults and similar online attacks.

The advisory describes the attack process.

The victim, it said, receives an SMS containing a link to a phishing website (similar to the website of the Income Tax Department) where they are asked to enter personal information and download and install the malicious APK file in order to complete verification.

”This malicious android app masquerades as the Income Tax Department app and after installation, the app asks the user to grant necessary permissions like SMS, call logs, contacts etc.” ”If the user does not enter any information on the website, the same screen with the form is displayed in the android application and the user is asked to fill in to proceed,” it said.

This data to be filled includes full name, PAN, Aadhaar number, address, date of birth, mobile number, email address and financial details like account number, IFS code, CIF number, debit card number, expiry date, CVV and PIN, it adds.

Once these details are entered by the user, it said, the application states that there is a refund amount that could be transferred to the user’s bank account.

When the user enters the amount and clicks ”Transfer”, the application shows an error and demonstrates a fake update screen.

”While the screen for installing update is shown, Trojan in the backend sends the user’s details including SMS and call logs to the attacker’s machine,” it said.

”These details are then used by the attacker to generate the bank specific mobile banking screen and render it on user’s machine. The user is then requested to enter the mobile banking credentials which are captured by the attacker,” it said.

The advisory recommends some counter-measures to guard against such attacks and malware, like always download apps from official app stores, install appropriate Android updates and patches as and when available, use safe browsing tools, do extensive research before clicking on link provided in the message and look out for valid encryption certificates by checking for the green lock in the browser’s address bar before sharing sensitive personal data.

It also asked users to immediately report any unusual activity in their account to their bank and also send a complaint to CERT-In at [email protected]

Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.

Top News

Congress membership requisites: No alcohol & drug, no criticism of party in public

Women should not visit police stations after dark: BJP’s Baby Rani Maurya

BJP govt has failed the country: Rahul

Baby kidnap case: Kerala govt to inform family court about Anupama’s demand for child

PM meets Indian Covid vaccine manufacturers; CEOs say his leadership key force in vaccination drive

Australia beat South Africa by 5 wickets in T20 WC Super 12 match

Hindus don’t have violent mindset: Pejawar Swamiji

Related Articles More

Study says tech firms underreport their carbon footprint

High-end innovations using Artificial Intelligence to be introduced during T20 World Cup broadcast

Apple introduces new online engagement series for developers

A social species? Newly discovered fossils show early dinosaurs lived in herds

Study: Fossil fuel plans would far overshoot climate goals


Science and Technology Minister C.N. Ashwath Narayan at Koteshwar

News Bulletin 23-10-2021

Elephant attack at Hunasuru


Road mishap at Muluru National Highway

Latest Additions

Priyanka flags off ‘Pratigya Yatras’ from UP’s Barabanki

Shah flags off inaugural Srinagar-Sharjah direct flight

Congress membership requisites: No alcohol & drug, no criticism of party in public

Three-time world champion, Pele, turns 81!

Restore statehood, democracy in J-K: NPP

Thanks for visiting Udayavani

You seem to have an Ad Blocker on.
To continue reading, please turn it off or whitelist Udayavani.