Today’s world is so fast they want everything to be working very fast. Due to this people are using online banking or net banking regularly. The Indian Computer Emergency Response Team (CERT-In) is an admonition to Android Phone users with a new malware called Drinik that strives to steal online banking login credentials.
The Trojan campaign is said to be attacking more than 27 Indian banks including major public and private sector banks. Here is everything you get in knowledge.
What is the new Drinik Android malware attacking online banking users?
CERT-IN is guiding people, Drinik Android malware is attacking Indian banking users and is extending in the personate of Income Tax refund. It’s a banking Trojan that is capable of hacking screens and induces users to sensitive banking details.
How the new Trojan does get installed on the Android Phone?
As per the study of CERT-IN, The victim receives the massage or SMS mentioning the link of hacker website (Similar to the income tax department, Government of India) Where the user is asked to enter personal information and download and install the spiteful APK file to complete verification. This spiteful Android app disguise as the Income Tax Department app.
Let’s study what personal data gets stolen by Drinik
The data include full name, PAN, Aadhaar number, address, date of birth, mobile number, email address, and financial details like account number, IFSC code, CIF number, debit card number, expiry date, CVV, and PIN.
How did all details get stolen by the Trojan?
After the personal information is entered by the user, the app states that there is
Income Tax amount that could be transferred to the user’s bank account. When the victim enters the amount and clicks on “Transfer” the application displays the error and shows the fake update screens. While the screen for installation update is shown. Malware in the backend sends the victim’s details information including SMS and call logs to the hacker’s machine.
How to stay safe or beware of the hackers; Disable the App download from unknown sources on your Android Phone setting.
CERT-IN suggests limiting your download sources from official app stores only, such as device manufacturers or operating app stores like Google play reduce the risk.
Verify app permission before installing an app
Verify app permissions and give only those permissions which have applicable context for the app’s motive. Do not permit the “Untrusted Sources” checkbox to install side-loaded apps.
Things should you avoid staying safe from hackers.
Do not visit untrusted websites or follow untrusted links and exercise precaution while clicking on the links furnished in any unrequested emails and SMSs.
Always look for doubtful numbers that don’t look like real mobile phone numbers. Fraudulent often cover their identity by using email to text services to avoid their actual phone number.
Practice being careful towards shortened URLs, Such as those involving bit lay and viral.
Users are suggested to float their cursors over the shortened URLs (If possible) to see the full website domain which they visit or use a ‘URL checker that will avoid the users to use flake or hackers short URL and view full URL. Users can also use the services which are meant for a full preview of the URL.