Government agency warns bank customers of malware that steals money

According to the country’s nodal agency for cybersecurity, customers of more than 27 Indian banks including major public and private sector banks have been targeted using this malware.

September 24, 2021 12:26 pm | Updated 12:26 pm IST

The malicious app disguises itself as the Income Tax Department app and asks for personal details.

India's Computer Emergency Response Team (CERT-In) has issued an advisory warning bank customers about Android malware that steals information and money.

Called Drinik, the new banking malware has evolved from a primitive SMS stealer in 2016 to a banking trojan that persuades users to enter sensitive banking information.

The attack campaign can effectively jeopardise the security of sensitive customer data and lead to large-scale attacks and financial fraud.

The malicious app disguises itself as the Income Tax Department app and asks for permission to access the user's SMS, call logs and contacts. If the user did not fill in information earlier, the same page is displayed in the app and the user is asked to fill it in to proceed.

The information includes personal details such as full name, PAN, Aadhaar number, address, date of birth, mobile number, and email address. It also demands financial information such as account number, IFS code, CIF number, debit card number, expiry date, CVV and PIN.

Once a user enters these details, the application states that a refund amount could be transferred to their account. When the user clicks on “Transfer”, the application shows an error and then a fake update screen.

Meanwhile, the trojan sends the user’s details to the attacker who then uses the information to generate a bank-specific mobile banking screen and render it on the user’s device. The user is then asked to enter mobile banking details which are then captured by the attacker.

How to avoid falling victim to such an attack

In its advisory, CERT-In has advised users to limit their download sources to official app stores and to review app details along with the permissions that the app requests. It suggests that users install Android updates and patches, not click on suspicious website domains and URLs, and not enter critical information on any website without ensuring its legitimacy.

Customers should look out for suspicious numbers that do not look like real mobile numbers, as scammers hide behind email-to-text services to avoid revealing their actual phone number.

If any suspicious activity is observed in a user’s account, they should immediately report it to their respective bank.
