Beware Of Banking Scam Apps!
An Official Alert To Android Users Against Phishing Scam
As per the country's cybersecurity experts, scammers have been focusing on banking clients in India who use banking apps for online transactions.
These scammers use a novel phishing technique to gather sensitive information from victims, such as their internet banking credentials, mobile number, and OTP, to carry out fraudulent transactions.
This malicious activity is being carried out using malware known as Drinik, which tries to steal users' online banking details.
The malware campaign is claimed to be targeting over 27 Indian banks, including both private and public sector banks.
How Does The Phishing Attack Start?
It all starts with the user receiving an SMS with a link to a phishing website that appears to belong to the income tax department.
The user is then asked to enter his details and download a malicious APK file, which claims to be an official income tax department app, to complete the so-called verification.
How Does The Drinik Malware Attack?
As per the advisory by the Indian Computer Emergency Response Team (CERT-In), the Drinik Android malware is spreading by disguising itself as an income tax refund.
This banking trojan presents users with an income tax refund screen and persuades them to enter their sensitive banking data to get a tax refund.
What Does The Malware App Do On My Phone?
After the user unknowingly installs the fake income tax app, it asks him to grant it permissions such as SMS, call logs, contacts, and so forth.
Moreover, if the user did not enter his details on the fake website earlier, he is shown the same form and asked again to enter his details to proceed.
How This Malware App Works
After the user enters his personal details in the form, the screen shows a message stating that there is some income tax refund amount that can be transferred to the user's bank account.
Naturally, the user clicks the transfer button. When he does, a new screen appears showing a fake error message, while in the background all the personal details he entered are sent to the scammer.
Now here comes the mind-boggling part. The details that were sent to the scammer are used to generate a bank-specific mobile banking screen, which is rendered back on the user's device to give a personalized experience, creating the impression that the user has actually logged in to his real online account.
At this point, the user is asked to enter his mobile banking credentials, which are then captured by the attacker.
What Overall Data Gets Stolen?
The data that Drinik steals includes your full name, PAN card details, Aadhaar card details, full address, date of birth, registered mobile number and email address, and also your financial details such as your account number, IFSC code, CIF number, debit/credit card number, expiry date, CVV and PIN.
How To Stay Safe From Such Banking Fraudsters?
To make sure you do not fall into the hands of such scammers, follow these best practices.
Best Safety Practices
- Do not install apps from third-party sites using their APK files.
- Disable the Unknown Sources option on your Android device, so that there is a reduced risk of you mistakenly installing any apps in the background.
- When you need an app, search for and download it only from the Google Play Store.
- Prior to downloading or installing any apps on your device, even if you are doing so from Google Play Store, always review the app details, number of downloads, user reviews, comments, etc.
- Most importantly, before using any app, always check which permissions it wants and grant only those that are relevant to the app's purpose. E.g., if a photo editing app wants to access your phonebook and your phone's microphone, then something is definitely wrong.
- Don't trust a website only by its appearance. E.g., if a webpage has designs, patterns, icons, or logos similar to a government website, that doesn't necessarily mean it's an authentic government site. Always check the complete website URL to verify its authenticity.
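The permission check described above can also be run against an APK file before it is installed. The following is an added example, not code from the CERT-In advisory or the original article: it reads text in the style of `aapt dump permissions` output and reports sensitive permission groups that do not fit the app's stated purpose. The category names, the expected-permission table and the sample dump are assumptions constructed for illustration.

```python
import re

# Sensitive permission groups; the article names SMS, call logs and contacts.
SENSITIVE = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_CALL_LOG": "call_log",
    "android.permission.READ_CONTACTS": "contacts",
}

# Assumption (illustrative): groups each app category plausibly needs.
EXPECTED = {
    "tax_info": set(),
    "photo_editor": set(),
    "messaging": {"sms", "contacts"},
}

# Constructed sample in the style of `aapt dump permissions` output.
SAMPLE_DUMP = """\
package: com.example.taxrefund
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.READ_CONTACTS'
"""

# Accepts both "name='x'" and the older bare "x" form after "uses-permission:".
PERM_RE = re.compile(r"uses-permission:\s*(?:name=')?([\w.]+)'?")


def declared_permissions(dump_text):
    """Return the set of permission names declared in the dump."""
    return set(PERM_RE.findall(dump_text))


def unexpected_groups(dump_text, category):
    """Return sorted sensitive groups the app requests beyond its category's needs."""
    requested = {SENSITIVE[p] for p in declared_permissions(dump_text) if p in SENSITIVE}
    # An unknown category is treated as needing no sensitive permissions.
    return sorted(requested - EXPECTED.get(category, set()))


if __name__ == "__main__":
    for group in unexpected_groups(SAMPLE_DUMP, "tax_info"):
        print(f"unexpected sensitive permission group: {group}")
```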