CERT-In issues advisory against malware hacking internet banking users
The Computer Emergency Response Team- India has issued an advisory against a malware that is targeting Indian internet banking customers. Hackers are targeting customers using a new type of mobile banking campaign using Drinik Android malware. The campaign allows hackers to gain credentials to the internet banking account of a user, and can result in financial loss.
The campaign is targeting customers of more than 27 Indian banks including major public and private sector banks.
Also read: What is CERT-In?
How does the campaign work?
Phishing: Hackers send victims an SMS containing a link to a phishing website. The website mimics the website of the Income Tax Department, Govt. of India. On the duplicate website, hackers ask the victim to enter personal information and download and install the malicious APK file of an Android application.
Information Gathering: The app also masquerades as the Income Tax Department app. It asks users to grant necessary permissions like SMS, call logs, contacts, etc. The app also asks users to enter personal information, including full name, PAN, Aadhaar number, address, date of birth, mobile number, email address, and other financial details. Financial details include IFS code, CIF number, debit card number, expiry date, CVV, and PIN.
Transferring Details: After a user enters all details, the application says that the user is entitled to a refund amount that could be transferred to his bank account. However, once the user clicks on “Transfer”, the application shows an error and displays a fake update screen. Meanwhile, in the background, the Trojan malware sends the user’s details including SMS and call logs to the hacker’s machine.
Access to Mobile Banking: The hacker then uses these details to generate and display a bank-specific mobile banking screen in the application. Ultimately, the app asks the user to enter mobile banking credentials. Once again, the app sends the captured data to the hacker.
Since the hacker already has access to SMS logs and also has internet banking credentials, he can even retrieve the OTP and use it to sign in to a user’s internet banking account. Once he gets access to the account, he can easily make fraudulent payments.
How to avoid the scam?
Mobile users should always keep the option to ‘Install Unsecured Applications’ off. This will limit the ability of the malware to install itself on the phone. Users should never click on any unsolicited link, irrespective of receiving them on email or WhatsApp.
Further, users should always look at the URL, which can tell a lot about any hacking campaign. This particular campaign uses two URLs:
- http://192.3.122[0.]195/Refund/iMobile/instantTransfer.apk
- http://192.210.218[.]49/fcm/mc/tapp.php?dir=9sp
You can also read our guide on avoiding a phishing campaign.
Do subscribe to our Telegram channel for more resources and discussions on tech-law. To receive weekly updates, don’t forget to subscribe to our Newsletter.