
Indian Bank Users Victim of Drinik Android Malware – Use Tax Refund as Bait

CERT-In issued an advisory identifying an Android malware named Drinik, targeting Indian Bank users in a phishing campaign. The actor has been posing as an Income Tax refund app and luring customers into providing sensitive data.


The Indian Computer Emergency Response Team (CERT-In) released an advisory on a new malware called Drinik.

The Android malware targets Indian Bank customers, using phishing emails to steal sensitive user data.

Detailing the process, the advisory describes the attack vector as a message posing as the Income Tax Department. The SMS is a phishing message that asks the user to enter personal information and to download and install the malicious APK file for verification. Personal and financial details such as PAN card number, Aadhaar, date of birth, email address, bank details, IFSC code, card details, PIN and CVV are all entered, stored, and stolen through the malware.

To lure the victim, the malware displays a refund amount message and seeks further permission to transfer the amount to the user’s bank account.

When the victim enters the amount and clicks on transfer, the app shows an error and displays a fake update screen. While the screen for installing updates is displayed, the Trojan sends all the user details, including SMS and call logs, to the attacker’s device in the background. These details are then used by the attacker to generate a bank-specific mobile banking screen and render it on the user’s device. The victim is then asked to enter their mobile banking credentials, which are captured and used by the attacker.

Best Practice

As per Gadget Bridge:

  • Avoid downloading any potentially harmful apps on your device; limit your downloads to official app stores like Google Play and Apple Store.
  • Verify app permissions and grant the permissions relevant to the app. Avoid checking the Untrusted Sources checkbox to install sideloaded apps.
  • Use safe browsing tools and filtering tools in your antivirus, firewall and filtering services.
  • Be cautious of shortened URLs like bit.ly and TinyURL. Hover your cursor over the shortened URLs to see the full website domain before clicking on the link.
  • Report any suspicious activity to the respective bank with the relevant details to take further appropriate actions.
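The permission check recommended above can be automated for a sideloaded APK before it is installed. The following is an added example, not code from CERT-In or Gadget Bridge: it reads a decoded AndroidManifest.xml and flags SMS and call-log permissions, the two data sources the article says the Trojan sends to the attacker. The sample manifests, the package names and the grouping of permissions are constructed for illustration; the article does not list the permissions Drinik actually requests.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption for this example: permissions that expose the data the article
# says is exfiltrated (SMS and call log). A refund-status app needs neither.
SENSITIVE = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    # The manifest comes from an untrusted APK; prefer a hardened parser
    # such as defusedxml when running this outside a sandbox.
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def review(manifest_xml, expected_groups=()):
    """Map each unexpected sensitive group to the permissions requested."""
    perms = requested_permissions(manifest_xml)
    findings = {}
    for group, names in SENSITIVE.items():
        hits = sorted(perms & names)
        if hits and group not in expected_groups:
            findings[group] = hits
    return findings

def _manifest(package, perms):
    # Builds a constructed sample manifest for the demonstration below.
    lines = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{lines}<application/></manifest>')

SUSPECT = _manifest("example.refund.app", [
    "android.permission.INTERNET", "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.READ_CALL_LOG"])
BENIGN = _manifest("example.notes.app", ["android.permission.INTERNET"])

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, review(xml) or "no unexpected sensitive permissions")
```

Pass `expected_groups=("sms",)` when reviewing an app that legitimately handles messages, so that only the permissions outside its stated purpose are reported.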

Indian Banking Cyber Incidents

Per CERT-In, more than 2.9 Lakh (290,445) cybersecurity incidents related to digital banking were reported in India in 2020. These incidents include phishing attacks, network scanning and probing, viruses, and website and URL hacking/hijacking. Banking continues to be a soft target for attackers as the number of digital platforms for financial transactions increases. The ease of use has also made attacks easier, with a high number of people having their bank details linked and stored on their devices.