Be aware Android users! The Government has warned to remain alert of an Android malware named Drinik which is claimed to steal sensitive data of users by pretending to generate Income Tax Refunds. The malware has already targeted customers of more than 27 Indian Banks, confirms the Indian Computer Emergency Response Team (CERT-In). According to the agency, the attackers send a phishing website link to the victims, which looks equivalent to the Income Tax Department portal. Then it prompts the users to download a malicious app which installs the Drinik malware to the customer’s device. The same malware was reported to be a SMS stealer in the year 2016.
Now question arises, how this malware functions? How to identify and stay away from it? Reportedly, the attackers send an SMS to the victims with a link to a phishing site which looks like the Income Tax portal. Upon clicking the link, it asks for some personal information and then prompts to download the app. Now it acts like a genuine version to help customers generate tax refund. For that it seeks permission to access SMS messages, call logs, and contacts of the user and also prompts to fill data in a form that seeks their personal information such as full name, PAN, Aadhaar number, address, and date of birth. Besides, CERT-In claims that it also ask financial details i.e. account number, IFSC code, CIF number, and even debit card number, expiry date, CVV, and PIN of the customer.
Once the users provide all these data and tap on the “Transfer” button on the app, it displays a fake update screen followed by an error. But in the meantime the attackers run a trojan in the background and obtain the user details including SMS messages and call logs. By using this data, the attackers create a bank-specific mobile screen and convince the victims to enter their mobile credentials in it. Once done, they use it to conduct financial frauds in a later stage, said CERT-In.
That’s why the users are recommended to download apps directly from Official sources including Google Play Store and to refrain from browsing suspected websites or clicking on untrusted links. Else they may end of vacating their Bank accounts and missing all their important data.
Source: NDTV