New Delhi: A banking Trojan has been detected in Indian cyberspace that targets bank customers using Android phones and has already targeted customers of more than 27 public and private sector banks, the country's federal cybersecurity agency said in an advisory.
The phishing malware (phishing is a social engineering attack used to steal personal data) masquerades as an “income tax refund” and it may “effectively endanger the privacy of sensitive customer data and lead to large-scale attacks and financial fraud,” the CERT-In advisory released Tuesday said.
“It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Android Drinik malware,” it said.
“Drinik started as a primitive SMS thief in 2016 and has recently evolved into a banking Trojan that demonstrates a phishing screen and persuades users to enter sensitive banking information,” it said.
Customers of more than 27 Indian banks, including major public and private sector banks, have already been targeted by attackers using this malware, CERT-In said.
The Indian Computer Emergency Response Team or CERT-In is the federal tech arm responsible for combating cyber attacks and protecting cyberspace from phishing and hacking attacks and similar online attacks.
The notice describes the attack process.
The victim, it said, receives a text message containing a link to a phishing website (similar to the Income Tax Department website) where they are asked to enter personal information and to download and install a malicious APK file in order to complete the verification.
This malicious Android app masquerades as the application of the income tax department, and after installation the app asks the user to grant the necessary permissions such as SMS, call logs, contacts, etc.
“If the user does not enter any information on the website, the same screen with the form is displayed in the Android app and the user is prompted to fill it in to continue,” it said.
The data to be filled in includes full name, PAN, Aadhaar number, address, date of birth, mobile phone number, email address and financial details such as account number, IFS code, CIF number, debit card number, expiration date, CVV and PIN, it added.
Once this information is entered by the user, it said, the app indicates that there is a refund amount that could be transferred to the user’s bank account.
When the user enters the amount and clicks “Transfer”, the application displays an error and displays a fake update screen.
“While the update installation screen is displayed, the Trojan in the backend sends user details including SMS and call logs to the attacker’s machine,” it said.
“This information is then used by the attacker to generate the bank-specific mobile banking screen and display it on the user’s machine. The user is then prompted to enter the mobile banking credentials, which are captured by the attacker,” it said.
The advisory recommends certain countermeasures to guard against such attacks and malware, such as always downloading apps from official app stores, installing appropriate Android updates and patches as they become available, using secure browsing tools, conducting extensive research before clicking on the link provided in the message, and looking for valid encryption certificates by checking for the green padlock in the browser’s address bar before sharing sensitive personal data.
It also asked users to immediately report any unusual activity on their account to their bank and to send a complaint to CERT-In at [email protected].