India's Computer Emergency Response Team (CERT-In) has issued an advisory warning bank customers about an Android malware that steals information and money.
Called Drinik, the new banking malware has evolved from a primitive SMS stealer in 2016 to a banking trojan that persuades users to enter sensitive banking information.
The attack campaign can effectively jeopardise the security of sensitive customer data and lead to large-scale attacks and financial fraud.
According to the country’s nodal agency for cybersecurity, customers of more than 27 Indian banks including major public and private sector banks have been targeted using this malware.
The malicious app disguises itself as an Income Tax Department app and asks for permission to access the user's SMS, call logs and contacts. If the user did not fill in information earlier, the same page is displayed in the app and the user is asked to fill it in to proceed.
The information includes personal details like full name, PAN, Aadhaar number, address, date of birth, mobile number, and email address. It also demands financial information including account number, IFS code, CIF number, debit card number, expiry date, CVV and PIN.
Once a user enters these details, the application states that a refund amount could be transferred to their account. When the user clicks on “Transfer”, the application shows an error and then displays a fake update screen.
Meanwhile, the trojan sends the user’s details to the attacker who then uses the information to generate a bank-specific mobile banking screen and render it on the user’s device. The user is then asked to enter mobile banking details which are then captured by the attacker.
How to avoid falling victim to such an attack
In its advisory, CERT-In has advised users to limit their download sources to official app stores and to review app details along with the permissions that the app requests. It suggests that users install Android updates and patches, not click on suspicious website domains and URLs, and not enter their critical information on any website without ensuring its legitimacy.
Customers should look out for suspicious numbers that do not look like real mobile numbers, as scammers hide behind email-to-text services to avoid revealing their actual phone number.
If any suspicious activity is observed in a user’s account, they should immediately report it to their respective bank.