0

0

0

0

0

0

0

0

0

This article is more than 2 month old.

Beware of trojan malware attack, MeitY warns customers of major banks

Mini

The Ministry of Electronics and Information Technology’s Computer Emergency Response Team (CERT-In) has alerted customers about a new banking trojan malware that is targeting customers by sending them a fake income-tax refund-related link.

Beware of trojan malware attack, MeitY warns customers of major banks
The Ministry of Electronics and Information Technology’s Computer Emergency Response Team (CERT-In) has alerted customers about a new banking trojan malware that is targeting customers by sending them a fake income-tax refund-related link.
“It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Drink android malware,” said CERT-In.
Drinik initially started as a primitive SMS stealer in 2016 and now it has evolved to a banking trojan that displays a fake screen as a real one in order to persuade users to enter their bank details. Customers of more than 27 public and private sector banks have already been victims of such attacks.
CERT-In says that if any such suspicious activity is noticed by users they should immediately report with relevant details to incident@cert-in.org.in.
How does it work?
CERT-In explained about the malware attack on its website. The post said that the victim first receives an SMS having a link to some phishing website (the link is similar to that of the Income Tax department’s website). After the customer clicks on the link, he/she is asked to enter personal information and then download the malicious APK file in order to complete the verification.
After the installation is completed, the app asks the user to grant some permissions like SMS, call logs, contacts, etc. The users are then asked to enter data like personal information including the full name, PAN Card details, Aadhaar details, address, date of birth, mobile number, email address, and other bank details like CVV number, IFSC code, etc.  If the user doesn’t enter any sort of information, the same screen with the form is displayed and he/she is asked to fill in to proceed further.
After the details are entered, the application says that there is a refund amount that could be transferred to their bank account. When the user enters the refund amount and clicks on the “Transfer” option, the app shows an error and displays a fake update screen.
While the screen for installing updates is shown to the user, Trojan malware at the backend transfers all the data including the user’s SMS and call log details to the attacker’s machine. All these details are then used by attackers to show relevant mobile banking screen on the user’s device. When the user enters the mobile banking details, they are captured by the attacker.
next story