Ministry of Electronics and Information Technology’s Indian Computer Emergency Response Team (CERT-In) on Tuesday notified that customers of nearly 27 Indian banks including major public and private banks are at the risk of attack from a new banking trojan malware masquerading as income-tax refund related link.
Modus operandi
The victims first receive an SMS link to a phishing website, disguised as the Income Tax Department website, they are then asked to fill in a few personal details before being sent a malicious APK file to be downloaded to complete verification. On opening the app, the victim is asked to grant permissions to access SMS, call logs and contacts.
If the victim doesn’t allow permission to any of these, the same form appears on opening the app asking for data including full name, PAN, Aadhar number, address, date of birth, mobile number, email address and financial details like account number, IFS code, CIF number, debit card number, expiry date, CVV and PIN, the federal cybersecurity agency noted.
Also read: Chinese hackers target UIDAI, Times Group, report says
Once these details are entered, the application states that there is a refund amount that could be transferred to the user's bank account.
“When the user enters the amount and clicks ‘Transfer’, the application shows an error and demonstrates a fake update screen. While the screen for installing the update is shown, Trojan in the backend sends the user's details including SMS and call logs to the attacker’s machine,” CERT-In said.
“These details are then used by the attacker to generate the bank specific mobile banking screen and render it on the user’s device. The user is then requested to enter the mobile banking credentials which are captured by the attacker,” it added.
These attacks are likely to jeopardise the privacy and security of sensitive data ultimately resulting in large scale attacks and financial frauds.
Drinik suspected
Claimed to be done using Drinik malware, the earlier version of this malware came in 2016 as a primitive SMS stealer and has recently evolved into a banking trojan demonstrating a phishing screen persuading users to enter sensitive banking information.
“Such trojans have become very common lately. But something like Drinik which has been dormant since 2016 can be tracked easily even using a Google Play Protect. Personally, I haven’t come across any strong active version of this malware recently. Also, consumers need to be wary that any legitimate government website will use ‘.gov.in’ in the link, anything else is not allowed in India for government websites,” Sunny Nehra, Admin, Hacks and Security told BusinessLine.
“These days people blindly give permissions to random apps to access personal data on phones without even thinking if that app really needs access to say your camera, gallery, phone book and so on. It’s good that MeitY is spreading awareness and updating users about such threats,” he added.
Kapil Gupta, Co-founder, Volon Cyber Security said,“Along with Drinik, another new Android malware ‘Elibomi’ has also been targeting taxpayers, luring them by offering tax filing service in a similar way. This malware too is getting delivered by SMS text phishing attack, pretending to come from income tax department. Users are recommended to not click on any unverifiable links from text messages. They should use reliable security application in mobile to protect against malicious applications”
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.