New Android malware steals mobile banking data, money. Here's how to identify | Latest News India - Hindustan Times

New Android malware steals mobile banking data, money. Here's how to identify

By, New Delhi
Sep 24, 2021 09:33 AM IST


A new Android malware is increasingly being used by cybercriminals in their attempts to steal data and user information, especially mobile banking details. Alerting users about the new malware which is targeting users of Indian banks, the Indian Computer Emergency Response Team (CERT-In), a government cybersecurity agency, released a notification elaborating on the manner in which this malware functions. According to the agency, the new mobile banking Android malware is known as ‘Drinik’, which has already targeted customers of more than 27 public and private sector banks in India.

Like most Trojan and phishing-related malware programmes, the Drinik virus, too, functions by displaying the user a fake banking screen. (Representational Image)

The Drinik Android malware was, until about five years ago, used for stealing short message service (SMS) data. However, with the prevalence of SMS declining and the majority of user data moving to the internet, the Drinik malware was updated by cybercriminals to adjust to a more modern age. In its new, updated avatar, the Drinik Android malware has evolved into a banking Trojan virus.


How does the Drinik malware work?

Like most Trojan and phishing-related malware programmes, the Drinik virus works by showing the user a fake banking screen (the ‘phishing’ screen), where the user is persuaded to enter sensitive banking information. The cybercriminals then collect this information and use it to accumulate data and money from the actual bank servers.

The victim usually receives an SMS or an e-mail containing a link that redirects to the said phishing screen. This e-mail or SMS may look entirely official, and the screen it redirects to may resemble a website of the Government of India (such as the website of the Income Tax department, for example), thus tricking the user into going forward with the next steps.

According to the cybersecurity agency, the Android malware is currently masquerading as an Income Tax (I-T) department app. Whenever a user ends up installing it, the app asks them to grant necessary permissions to access SMS records, call logs, contacts, and the like.

Now, even if the user does not enter any of the said information on the phishing website, the same screen with the form is displayed in the Android app. This form includes entries for full name, PAN, Aadhaar number, address, date of birth (DoB), mobile number, and email ID.

The form also asks users to enter financial details such as account number, IFSC code, CIF number, debit card number, expiry date, CVV, and PIN.

Next, the Android malware, presenting itself as a government form, asks the user to proceed with the option of transferring a potential refund amount to their account. The moment the user enters the amount and clicks on ‘Transfer’, the application shows an error and displays a fake update screen.

During this process, the Trojan virus sends the user details to the hacker/cybercriminal, including all the SMS data, call logs, and banking details.

How can you identify the Drinik malware?

The agency also shared indicators of compromise (IOC) to better track down the malware.

C2 servers:

jsig.quicksytes[.]com

c4.mypsx[.]net

fcm.pointto[.]us

rfb.serveexchange[.]com

File Type: .apk
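
An added example, not part of the CERT-In notification or the original article: one way a defender could sweep DNS query logs for lookups of a defanged C2 list written in the "[.]" notation used above. The indicator hostnames, the log format and the function names are constructed for illustration.

```python
import re

# Constructed, defanged indicators in the "[.]" notation the advisory uses.
# These are placeholders, not the hostnames from the article.
DEFANGED_IOCS = ["c2.badhost[.]example", "Update.Refund-Portal[.]example"]

# Constructed DNS query log lines: timestamp, client IP, queried name.
SAMPLE_LOG = """\
2021-09-24T09:01:12Z 10.0.0.15 portal.example.org.
2021-09-24T09:01:40Z 10.0.0.15 C2.BadHost.example.
2021-09-24T09:02:03Z 10.0.0.22 api.update.refund-portal.example
2021-09-24T09:02:30Z 10.0.0.22 notc2.badhost.example.evil.test
2021-09-24T09:03:00Z 10.0.0.31 xc2.badhost.example
"""

def refang(indicator):
    """Turn a defanged indicator back into a plain lowercase hostname."""
    host = indicator.strip().lower()
    host = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", host)
    host = re.sub(r"^hxxps?://", "", host)  # drop a defanged scheme if present
    return host.split("/")[0].rstrip(".")

def matches(query, ioc_hosts):
    """Return the indicator hit by query (exact name or a subdomain), else None."""
    name = query.lower().rstrip(".")
    for ioc in ioc_hosts:
        # Require a label boundary so "xc2.badhost.example" does not match.
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None

def sweep(log_text, defanged_iocs):
    """Return (timestamp, client, query, indicator) for every log line that hits."""
    iocs = [refang(i) for i in defanged_iocs]
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, query = parts
        ioc = matches(query, iocs)
        if ioc:
            hits.append((ts, client, query, ioc))
    return hits

if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG, DEFANGED_IOCS):
        print(*hit)
```

Matching on a label boundary rather than a plain substring keeps look-alike names and unrelated parent domains out of the results.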
