The Drinik malware imitates an Income Tax Department app, tricking users into divulging their mobile banking credentials and other sensitive information.
Drinik is malware that steals vital personal data and financial credentials from a smartphone user. CERT-In, the Indian Computer Emergency Response Team, has issued a warning to many banks. Customers of 27 public and private banks in the country have been hit by the malware so far.
The Drinik malware currently imitates an Income Tax Department app; once a user has been duped into installing it, it captures all of the sensitive data entered. Not only that, but the malware also pushes the user to complete a transaction, after which it crashes and displays a bogus warning. In the meantime, it gathers all of the essential information from the user.
CERT-In has described in detail how this malware preys on its victims. The phishing procedure begins with the victim receiving an email or SMS containing a link to the phishing URL. In order to entice the victim, the email or SMS imitates an official government website (in this case, the Income Tax Department).
The link leads to an app which, if installed on the user's phone, requests access to the device's core permissions, including call records, SMS history, contacts, images and media, and more. The app then prompts the user to enter their full name, PAN, Aadhaar number, address, date of birth (DoB), mobile number, and email address.
Following that, all sensitive banking information such as account number, IFSC code, CIF number, debit card number, expiration date, CVV, and PIN is requested. After entering this information, the app prompts the user to execute a refund transaction. The app displays an error with a false update page as soon as the transaction is completed.
During this time, the malware has gathered all of the victim's vital and sensitive financial information and sent it to the cybercriminal.
Although the CERT-In team has published technical details for investigators, the most straightforward way to avoid infection is to avoid clicking on suspicious links in SMS messages and emails. Suspicious messages or emails should never be used to download apps or open websites.