This mobile banking malware is targeting customers of 27 Indian banks via income tax refund

Cybersecurity specialists from India reported the detection of Drinik, a new variant of malware for Android devices that masquerades as a fake tax refund notification in order to access victims’ financial information, including their online banking login credentials.

In the attacks reported so far, users receive an SMS message containing a link that redirects to a phishing website closely resembling the official platform of the Income Tax Department. On this website, victims find a form asking for their confidential information and are prompted to download a malicious APK.

This application, disguised as a tool for calculating taxes, asks the user for permission to access their contact list, SMS messages, call history and other records. If the user has not completed the website form, it could appear again in the application.

This form asks users to submit records such as full names, dates of birth, email addresses, phone numbers, and Aadhaar numbers. In addition to these records, the form asks users for some financial details, such as debit card number, expiration date, security number, and PIN, in a clear indication that this is all a scam.

If victims fall into the trap and hand over their information, it will be sent to a location controlled by the attackers, along with the victim’s SMS messages, calls and system logs.

For security, citizens of India are advised to avoid downloading potentially harmful apps on their devices, which also means avoiding unofficial app repositories. As for email security, always remember to verify the authenticity of the sender’s address, since this is the stage of the attack at which users are best placed to cut the threat short.

The Drinik malware could affect customers of nearly 30 financial institutions in India, so it’s best to be alert to avoid worst-case scenarios.
