New Delhi: The Computer Emergency Response Team (CERT-In) has alerted customers about a new banking trojan that targets them by sending a fake income-tax refund-related link. “It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Drinik Android malware,” as per CERT-In.
CERT-In explained the attack on its website. According to the post, the victim first receives an SMS containing a link to a phishing website (the link is similar to that of the Income Tax Department’s website).
The agency also warned that customers of nearly 27 Indian banks, including major public and private banks, are at risk of attack from the new banking trojan masquerading as an income-tax refund-related link.
After the customer clicks on the link, he/she is asked to enter personal information and then download the malicious APK file in order to complete the verification.
After the installation is completed, the app asks the user to grant permissions such as SMS, call logs, contacts, etc. The user is then asked to enter personal information, including full name, PAN Card details, Aadhaar details, address, date of birth, mobile number and email address, along with bank details such as CVV number, IFSC code, etc.
If the user doesn’t enter any information, the same screen with the form is displayed again and he/she is asked to fill it in to proceed further.
After the details are entered, the application says that there is a refund amount that could be transferred to their bank account. When the user enters the refund amount and clicks on the “Transfer” option, the app shows an error and displays a fake update screen.
While the fake update screen is shown to the user, the trojan, running in the background, transfers all the data, including the user’s SMS and call log details, to the attacker’s machine. The attackers then use these details to show the relevant mobile banking screen on the user’s device. When the user enters the mobile banking details, they are captured by the attacker.