Govt warns against ‘Drinik’ Android malware posing as an Income Tax refund app on Android phones

Android Trojan posing as an IT refund app targets bank customers

CERT-In said customers of over 27 Indian banks, including major public and private sector banks, have already been targeted by the attackers.

The country’s federal cyber security agency said in a fresh advisory that a banking Trojan has been detected in Indian cyberspace targeting bank customers who use Android phones, and that customers of more than 27 public and private sector banks have already been targeted.

The malware, delivered by phishing (a social engineering attack that tricks victims into handing over personal data), masquerades as an “income tax refund” and can “effectively endanger the privacy of sensitive customer data and result in massive attacks and financial frauds,” said the CERT-In advisory issued on Tuesday.

“It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Drinik Android malware,” it said. “Drinik started out as a primitive SMS stealer in the year 2016 and has recently evolved into a banking Trojan that displays phishing screens and persuades users to enter sensitive banking information,” it said.

The Indian Computer Emergency Response Team, or CERT-In, is the federal technology arm for combating cyber attacks and protecting Indian cyberspace against phishing, hacking and similar online attacks.

The advisory describes the process of the attack. The victim receives an SMS containing a link to a phishing website (made to resemble the Income Tax Department website), where they are asked to download and install a malicious APK file, enter personal information and complete a “verification”.

“This malicious Android app masquerades as an Income Tax Department app and after installation, the app asks the user to give necessary permissions like SMS, Call Log, Contacts, etc.,” it said. “If the user does not enter any information on the website, the same screen along with the form is displayed in the Android application and the user is asked to fill in to proceed.”

The data to be filled in includes full name, PAN, Aadhaar number, address, date of birth, mobile number, email address and financial details such as account number, IFSC, CIF number, debit card number, expiry date, CVV and PIN. Once the user has entered these details, the application states that there is a refund amount that can be transferred to the user’s bank account.

When the user enters the amount and clicks “Transfer”, the application shows an error and displays a fake update screen. “While the screen for installing the update is shown, the Trojan in the backend sends the user’s details including SMS and call logs to the attacker’s machine,” it said.

“These details are used by the attacker to create a bank specific mobile banking screen and present it on the user’s machine. The user is then requested to enter mobile banking credentials which are captured by the attacker.”
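The permission pattern described above (an app that calls itself an Income Tax refund app yet asks for SMS, call log and contacts access) is something an analyst can check for before a sample ever runs. The following is an added example, not code from the advisory or from CERT-In: it triages a decoded AndroidManifest.xml for that pattern. The manifest, package name and label below are constructed for illustration; a real APK ships a binary manifest that must first be decoded with a tool such as apktool (`apktool d sample.apk`) or androguard, and the resulting text is what this script takes.

```python
"""Triage a decoded AndroidManifest.xml for the permission combination the
Drinik advisory describes: SMS, call log and contacts access requested by an
app that presents itself as an Income Tax refund app.
Added example; not part of the CERT-In advisory."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions matching what the advisory says the fake app requests after
# installation (SMS, Call Log, Contacts), with why each matters to a banking
# Trojan.
RISKY_PERMISSIONS = {
    "android.permission.READ_SMS": "read stored SMS (OTPs, bank alerts)",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS (OTPs)",
    "android.permission.READ_CALL_LOG": "read call logs",
    "android.permission.READ_CONTACTS": "read contacts",
}

# Words in an app label that signal a tax/refund lure. Assumption for this
# example; tune to the lures seen in your own environment.
LURE_WORDS = ("income tax", "refund")

# Constructed sample manifest. The package name and label are invented for
# this example and are not identifiers from the advisory.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.itrefund">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Income Tax Refund">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return {elem.get(name_attr, "") for elem in root.iter("uses-permission")}


def app_label(manifest_xml):
    """Return the android:label of <application>, or "" if absent."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return ""
    return app.get("{%s}label" % ANDROID_NS, "")


def triage(manifest_xml):
    """Classify a manifest as clean / review / suspicious.

    suspicious: claims to be a tax/refund app AND asks for SMS, call log or
                contacts access (the Drinik pattern).
    review:     asks for those permissions without the tax/refund lure.
    clean:      none of the risky permissions are requested.
    """
    perms = requested_permissions(manifest_xml)
    hits = {p: RISKY_PERMISSIONS[p] for p in sorted(perms & set(RISKY_PERMISSIONS))}
    label = app_label(manifest_xml)
    claims_tax = any(w in label.lower() for w in LURE_WORDS)
    if hits and claims_tax:
        verdict = "suspicious"
    elif hits:
        verdict = "review"
    else:
        verdict = "clean"
    return {"label": label, "risky_permissions": hits, "verdict": verdict}


if __name__ == "__main__":
    result = triage(SAMPLE_MANIFEST)
    print("label: %s" % result["label"])
    for perm, reason in result["risky_permissions"].items():
        print("  %s  (%s)" % (perm, reason))
    print("verdict: %s" % result["verdict"])
```

A manifest check is only a first-pass filter: it catches the permission grab the advisory describes, but the bank-specific credential screens and the data exfiltration happen at runtime, so a "review" or "suspicious" verdict should lead to sandboxing the sample and watching its network traffic rather than being treated as a final answer.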

The advisory recommends counter-measures to protect against such attacks and malware: download apps only from the official app store, install Android updates and patches as soon as they are available, use safe browsing tools, research links received in messages before clicking on them, and check for a valid encryption certificate (the padlock in the browser’s address bar) before sharing sensitive personal data. The padlock only confirms that the connection is encrypted; a phishing site can present a valid certificate too, so it is not proof that the site is genuine.

It also asked users to immediately report any unusual activity in their account to their bank and send a complaint to CERT-In at incident@cert-in.org.in.