There’s a new malware in town, and it’s wreaking havoc on Android users. Drinik is malware that steals vital personal data and financial credentials from a smartphone user. CERT-In, the Indian Computer Emergency Response Team, has issued a warning to many banks. Customers of 27 public and private banks in the country have been hit by the malware so far.
The Drinik malware is presently imitating an Income Tax Department app. After a user has been duped into downloading it, it captures all sensitive data. Not only that, but the malware also forces the user to complete a transaction, after which it crashes and displays a bogus warning. In the meantime, it gathers all of the essential information from the user.
The Android malware Drinik steals banking information
CERT-In has described how this malware preys on its victim in great detail. The phishing procedure begins with the victim receiving an email or SMS containing a link to the phishing URL. To entice the victim, the email or SMS imitates an official government website (in this example, the Income Tax Department).
The link leads to an app which, if installed on the user’s phone, requests access to all of the device’s basic permissions, including call records, SMS history, contacts, images and media, and more. The app then prompts the user to enter their full name, PAN, Aadhaar number, address, date of birth (DoB), mobile number, and email address.
Following that, all sensitive banking information such as account number, IFSC code, CIF number, debit card number, expiration date, CVV, and PIN is requested. After entering this information, the app prompts the user to execute a refund transaction. The app displays an error with a false update page as soon as the transaction is completed.
During this time, the malware has gathered all of the victim’s vital and sensitive financial information and sent it to the cybercriminal.
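The permission set described above (call records, SMS history, contacts, images and media) is itself a useful triage signal for a sideloaded app that claims to be a government service. The script below is an added example, not CERT-In’s tooling or anything taken from the Drinik sample: it parses an AndroidManifest.xml, lists the requested permissions, and flags the manifest when several sensitive permissions appear together. The manifest and package name embedded here are constructed for illustration; the permission identifiers are real Android ones.

```python
"""Triage heuristic: flag an Android manifest that requests the broad,
sensitive permission set the Drinik write-up describes (SMS, call logs,
contacts, media). Added example; the sample manifest is constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions a credential-stealing app typically requests together,
# mapped to the data class each one exposes.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_SMS": "SMS history (bank alerts, OTPs)",
    "android.permission.RECEIVE_SMS": "incoming SMS",
    "android.permission.READ_CALL_LOG": "call records",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "images and media",
}

# Constructed manifest standing in for a suspicious sideloaded app
# (hypothetical package name, not the real malware's).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fake_tax_refund">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <application android:label="Income Tax Refund"/>
</manifest>
"""

# Constructed benign manifest for comparison: network access only.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.harmless">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Harmless"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> list:
    """Return every android:name value from <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = []
    for node in root.iter("uses-permission"):
        name = node.get(f"{{{ANDROID_NS}}}name")
        if name:
            names.append(name)
    return names


def triage(manifest_xml: str, threshold: int = 3) -> dict:
    """Flag the manifest when at least `threshold` sensitive permissions
    are requested together; a single one is common in legitimate apps,
    the whole set at once is what the phishing flow above needs."""
    flagged = [p for p in requested_permissions(manifest_xml)
               if p in SENSITIVE_PERMISSIONS]
    return {
        "flagged": flagged,
        "exposes": [SENSITIVE_PERMISSIONS[p] for p in flagged],
        "suspicious": len(flagged) >= threshold,
    }


if __name__ == "__main__":
    for label, manifest in (("sample", SAMPLE_MANIFEST),
                            ("benign", BENIGN_MANIFEST)):
        result = triage(manifest)
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{label}: {verdict}; requests {len(result['flagged'])} "
              f"sensitive permissions -> {', '.join(result['exposes'])}")
```

The threshold is a triage knob, not a verdict: a messaging app legitimately needs SMS access, so the signal is the combination of SMS, call-log, contact and storage permissions in an app that advertises itself as a tax-refund service, which is exactly the mismatch a user or a mobile-security team should treat as a red flag.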
What can you do to avoid it?
Although the CERT-In team has provided some technical details for investigators, the most straightforward way to avoid infection is to not click on suspicious links in SMS messages and emails. Never download apps or open websites from suspicious messages or emails.