Income Tax Refund Fraud: Beware Of Android Malware Drinik, SBI Warns Customers


NEW DELHI: SBI has warned its users about the Android malware Drinik, which is spreading in the guise of Income Tax refund applications.

It is a banking Trojan capable of displaying phishing screens that persuade users to enter sensitive banking information.

Drinik steals vital data and financial credentials from a smartphone user. The victim receives an SMS containing a link to a phishing website, where he is asked to enter personal information in order to download and install the malicious APK file on his mobile device, and then to fill in details to complete verification.


The malware also forces the user to complete a transaction, after which it crashes and displays a bogus warning. In the meantime, it gathers all sensitive information from the user.

HOW DOES IT WORK:

  1. The process starts with the victim receiving an SMS containing a link to the phishing address. The SMS imitates the Income Tax department in a bid to lure the victim.
  2. The link leads to an app. Once the user installs it on his device, the app asks for access to all the basic device permissions, such as call logs, SMS history, contacts, photos and media, and more.
  3. Once the app is installed, a form within the app asks the user to log in using the PAN and Registered Mobile Number (RMN).
  4. Another form within the app then asks for the full name, PAN, Aadhaar number, address, date of birth (DoB), mobile number, and email ID.
  5. The next step involves asking for all the sensitive banking information, such as account number, IFSC code, CIF number, debit card number, expiry date, CVV, and PIN. Once this information is typed in, the app asks the user to make a transaction as a refund amount. As soon as the transaction is made, the app shows an error with a fake update page.
  6. All this while, the malware has been collecting the crucial and sensitive financial data of the victim and sending it to the cybercriminal.

After the user enters the personal details, the application states that there is an Income Tax refund amount and prompts the user to click “Submit”. The application then shows an error and displays a fake update screen.

While the screen for installing updates is shown, the Trojan sends the user’s details, including SMS and call logs, to the attacker’s machine in the background. The attacker then uses these details to generate a bank-specific mobile banking screen and render it on the user’s device. The user is then asked to enter the mobile banking credentials, which are captured by the attacker.
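The permission requests in step 2 are something a defender can check before an app is trusted. The following is an added example, not code from SBI, CERT-In, or the original article: it audits a decoded AndroidManifest.xml for the data categories the article lists. It assumes the manifest has already been decoded to text XML; the sample manifests, package names, and the threshold of three categories are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names mapped to the data categories the article lists.
SENSITIVE = {
    "android.permission.READ_SMS": "SMS history",
    "android.permission.RECEIVE_SMS": "SMS history",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "photos and media",
}

def audit_manifest(manifest_xml, threshold=3):
    """Flag an app whose decoded manifest requests several sensitive categories."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    # Both element names declare permissions; the second applies on API 23+.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = (el.get(ANDROID_NS + "name") or "").strip()
            if name:
                requested.add(name)
    categories = sorted({SENSITIVE[p] for p in requested if p in SENSITIVE})
    return {
        "package": root.get("package"),
        "categories": categories,
        "flagged": len(categories) >= threshold,  # threshold is an assumption
    }

# Constructed sample manifests (not taken from any real app).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.refundapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.scanner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(audit_manifest(sample))
```

A flag here only means the app asks for far more personal data than a refund form needs; it is a prompt for closer review, not proof of malware.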

Best Practices:

· Do not browse untrusted websites or follow untrusted links.

· Exercise caution while clicking on links provided in any unsolicited emails or SMSs.

· Look for suspicious numbers that do not look like real mobile numbers. Scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.

· Exercise caution towards shortened URLs, such as those involving bit.ly and TinyURL. Use a URL checker that lets you enter a short URL and view the full URL.

· Never download apps or open sites from suspicious messages or emails.
