A banking Trojan that targets bank customers using Android smartphones has been identified in Indian cyberspace, the country’s federal cyber security agency, CERT-In, stated in an advisory alert. The Indian Computer Emergency Response Team (CERT-In) further said that the virus has attacked clients from over 27 public and private sector banks.
The phishing malware appears to masquerade as an ‘income tax refund’, a social engineering lure that targets personal information, and can ‘effectually endanger the confidentiality of sensitive customer information and lead to massive attacks and financial frauds,’ the CERT-In said, adding: “It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Drinik Android malware.”
Explaining how the attack operates, the agency said that the victim receives a link that redirects to a phishing website made to look like the website of the tax service. There the victim is prompted to fill in personally identifiable information and to download and install malicious APK files in order to finish the requisite verification.
“If the user does not enter any information on the website, the same screen with the form is displayed in the Android application and the user is asked to fill in to proceed,” they said.
The data the user is asked to fill in includes full name, PAN number, Aadhaar number, permanent address, date of birth, cell phone number, and financial information such as bank details, account number, IFSC code, CIF number, debit card details, expiration date, CVV, and PIN.
Once the user has submitted the details, the application claims that a refund amount may be deposited to the user’s bank account. When the user enters the amount and selects the “transfer” option, the application shows an error and displays a fake update page.
While the screen for installing the update is displayed, the Trojan forwards the user’s information to the attacker.
“These details are then used by the attacker to generate the bank-specific mobile banking screen and render it on the user’s machine. The user is then requested to enter the mobile banking credentials which are captured by the attacker,” it said.
The advisory proposes several countermeasures against such attacks and malware: downloading apps only from official app stores, installing suitable Android updates and patches, using safe browsing tools, researching thoroughly before clicking on a link in a message, and looking for valid encryption certificates by checking for the green lock in the browser.
Source: https://www.ehackingnews.com/2021/09/banking-trojan-posing-as-i-t-refund.html