New Android malware steals banking data: Here's how it works


(MENAFN- NewsBytes) The Indian Computer Emergency Response Team (CERT-In), the Indian government's cybersecurity agency, has warned of a potential threat to Android users. A malware called Drinik has been spotted in the wild, trying to steal money and sensitive banking information of the victim on the pretext of generating income tax refunds. Customers of over 27 Indian banks have already fallen victim. Here are more details.

Drinik malware: Malicious app and website masquerading as Income Tax Department's offerings

In an advisory released online, CERT-In noted that the bad actors behind this Android malware are essentially running a good old phishing scam. The victims receive an SMS containing a link to a malicious website that looks like the Income Tax Department's portal. The website reportedly seeks personal information and then prompts the victim to download an Android app laced with the Drinik malware.

Modus operandi: Malicious app seeks access to call logs, SMS

The unsuspecting victim is prompted to download and install the malicious app on the pretext of completing verification. Post-installation, this app, which looks like something from the Income Tax Department, requests access to necessary device permissions such as SMS, call logs, contacts, etc. The same screen from the malicious website is displayed and the user is asked to enter all the details to proceed.

Under your nose: App steals confidential banking information including PIN, CVV

The form on the app collects the victim's full name, PAN, mobile number, Aadhaar number, address, date of birth, and email address. It also collects financial details such as account number, IFS Code, CIF number, debit card number, expiry date, CVV, and PIN. The app then claims that the victim is eligible for a tax refund that could be transferred to their bank account.

Details: Attacker generates bank-specific screens for the victim

The instant the victim presses the Transfer button, the app claims to have encountered an error and displays an update screen. In the background, the Drinik Trojan sends the attacker all the collected details, call logs, and SMSes. The attacker uses these details to generate a bank-specific mobile banking screen for the victim. Here, the victim is prompted to enter their mobile banking details.

Elaborate scam: CERT-In warns this could lead to large-scale financial fraud

Obviously, the mobile banking details are also relayed to the attacker, thereby jeopardizing the safety of the victim's identity and bank accounts. CERT-In warned that this could lead to large-scale financial fraud. In its advisory, CERT-In noted that the best way to avoid such malware is to download apps only from reputable sources such as the Google Play Store and Apple App Store.
