
Mobile banking users alert! Indian govt agency warns of Android malware that steals money, information

CERT-In claims that these attack campaigns can effectively jeopardize the privacy and security of sensitive customer data and result in large scale attacks and financial frauds

  • Customers of more than 27 Indian banks including major public and private sector banks have already been targeted by the attackers using this malware

The Indian Computer Emergency Response Team (CERT-In), the country's cybersecurity agency, has released a notification alerting users to a new malware that is targeting customers of Indian banks. The new Android mobile banking malware is called Drinik; it was previously used around 5 years ago to steal SMS messages. However, it has recently evolved into a banking trojan that displays a phishing screen and persuades users to enter sensitive banking information.

According to the government cybersecurity agency, customers of more than 27 Indian banks, including major public and private sector banks, have already been targeted by the attackers using this malware.

CERT-In claims that these attack campaigns can effectively jeopardize the privacy and security of sensitive customer data and result in large-scale attacks and financial fraud.

How this new malware works

The victim receives an SMS containing a link to a phishing website (similar to the website of the Income Tax Department, Govt. of India), where they are asked to enter personal information and to download and install a malicious APK file in order to complete verification.

This malicious Android app masquerades as the Income Tax Department app. After installation, the app asks the user to grant necessary permissions such as access to SMS, call logs and contacts.

If the user does not enter any information on the website, the same form is displayed in the Android application and the user is asked to fill it in to proceed. The data includes full name, PAN, Aadhaar number, address, date of birth, mobile number, email address and financial details such as account number, IFS code, CIF number, debit card number, expiry date, CVV and PIN.

After the user enters these details, the application states that there is a refund amount that could be transferred to the user's bank account. When the user enters the amount and clicks "Transfer", the application shows an error and displays a fake update screen.

While the update installation screen is shown, the trojan sends the user's details, including SMS and call logs, to the attacker's machine in the background. The attacker then uses these details to generate a bank-specific mobile banking screen and render it on the user's device. The user is then asked to enter their mobile banking credentials, which are captured by the attacker.

How to identify 

The agency also shared indicators of compromise (IOCs) to help track down the malware: file hashes, C2 servers and spreading URLs for the malicious .apk file.
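As an added example (not part of the article or of the CERT-In advisory), the Python sketch below shows one way a defender could use indicators published in defanged form: it refangs them, matches proxy log entries against the resulting hosts, and checks a file's hash against a list. All indicators, log lines and function names are constructed placeholders, the log format is an assumption, and the 32-hex-digit hashes are assumed to be MD5.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed placeholders (documentation ranges), written in the advisory's
# defanged style. Replace them with the indicators CERT-In published.
DEFANGED_IOCS = [
    "c2.example[.]net",
    "hxxp://192.0.2[.]10/Refund/app.apk",
    "http://198.51.100[.77/gate.php?dir=x",  # closing bracket lost in copying
]
# Constructed proxy log; assumed format: "<timestamp> <device> <url-or-host>".
SAMPLE_LOG = [
    "2021-09-22T10:01:07Z phone-17 http://192.0.2.10/Refund/app.apk",
    "2021-09-22T10:01:09Z phone-17 https://www.example.org/",
    "2021-09-22T10:02:30Z phone-04 api.c2.example.net:443",
    "truncated",
    "2021-09-22T10:03:00Z phone-09 http://198.51.100.77/gate.php?dir=x",
]

def refang(indicator):
    """Undo defanging: hxxp -> http, '[.]' / '(.)' / '[dot]' -> '.'.
    A '[.' whose closing bracket went missing is repaired as well."""
    s = re.sub(r"^hxxp", "http", indicator.strip(), flags=re.I)
    return re.sub(r"\[\.\]?|\(\.\)|\[dot\]", ".", s, flags=re.I)

def host_of(value):
    """Lower-cased host of a URL or bare host[:port], after refanging."""
    v = refang(value)
    if "://" not in v:
        v = "//" + v  # let urlsplit treat a bare host as the netloc
    return (urlsplit(v).hostname or "").lower()

def ioc_hosts(defanged):
    """Set of hosts named by a list of defanged domains and URLs."""
    return {host_of(i) for i in defanged} - {""}

def scan_proxy_log(lines, hosts):
    """Return (line_no, device, host) for requests to an IoC host or its subdomain."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 3:
            continue  # skip truncated lines rather than crash
        host = host_of(parts[2])
        if any(host == h or host.endswith("." + h) for h in hosts):
            hits.append((n, parts[1], host))
    return hits

def apk_matches(data, bad_hashes):
    """True if the file's MD5 is listed (assumes the 32-hex-digit IoCs are MD5)."""
    listed = {h.strip().lower() for h in bad_hashes}  # lists often carry stray spaces
    return hashlib.md5(data).hexdigest() in listed
```

A hit on a host only shows that a device contacted it; confirm on the device itself before treating it as infected.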
