The Drinik malware imitates Income Tax software, luring users into disclosing all of their mobile banking and other personal data.
Drinik is a smartphone malware that steals personal information and financial information. Many banks have received a warning from CERT-In, the Indian Computer Emergency Response Team. So far, ransomware has infected customers of 27 public and private banks across the country.
Why You Shouldn’t Save Debit/Credit Card Details Or CVV On E-Commerce Websites
Follow us on Twitter and Telegram
The Drinik malware is now impersonating Income Tax Department software and capturing all sensitive data after a victim has been fooled into downloading it. Furthermore, the malware drives the user to execute a transaction, following which it crashes and shows a false warning. In the interim, it collects all of the necessary data from the user.
CERT-In contains detailed descriptions of how this malware preys on its victim. The victim is phished when they receive an email or SMS containing a link to the phishing URL. The email or SMS imitates an official government website in order to entice the victim (in this example, the Income Tax Department).
The link takes you to an app that, if installed on the user’s phone, seeks access to all of the phone’s basic permissions, including call history, SMS history, contacts, photographs and media, and more. After that, the software will ask for your full name, PAN, Aadhaar number, address, date of birth (DoB), cellphone number, and email address.
After that, all sensitive banking information is required, including account number, IFSC code, CIF number, debit card number, expiration date, CVV, and PIN. The app prompts the user to initiate a refund transaction after inputting this information. As soon as the transaction is done, the app displays an error with a bogus update page.
Is Your Old IPhone Getting Slower? Here Is The Trick To Make It Faster…
Follow us on Twitter and Telegram
During this time, the malware has gathered and communicated to the cybercriminal all of the victim’s essential and sensitive financial information.
Although the CERT-In team has supplied some technical data for investigation, the easiest way to avoid the problem is to avoid clicking on suspicious links in SMS messages and emails. Using suspicious messages or emails to download programmes or open websites is never a good idea.
1 comment
Comments are closed.