Fake Tax Refund App Delivers the Drinik Trojan to Indian Users

The Indian Computer Emergency Response Team, CERT-In, is reporting a new Android banking Trojan active in the region. The threat, dubbed Drinik, is actively targeting users in India. So far, cybersecurity researchers have identified over 27 different Indian banks whose customers were attacked by the Drinik Android Banking Trojan. They add that Drinik is not a new name in the cybercrime field: the first copies of it date back to 2016. Those old versions were far simpler, and the malware was only able to work as an SMS stealer. The modern version is a fully-fledged banking Trojan.

The Dangerous Drinik Android Banking Trojan Mimics Bizarro's Campaign

What is interesting about the Drinik Android Banking Trojan is how its operators are spreading it. They are using a strategy similar to the one that the authors of the Bizarro Banking Trojan use. They approach victims through fake text messages, which claim to come from the Income Tax Department. The messages urge the user to download an app that will enable them to generate tax refunds. It is important to mention that a legitimate app and process of this kind exist; the phishing text messages, however, deliver a fake application.

If a user falls for the scam, they may unknowingly download a fake copy of the Income Tax Department app. It asks them to fill out basic information such as their name, address, PAN, Aadhaar number, and more. However, it also asks for data that the Income Tax Department would not request – such as credit card number, CVV, PIN, and expiration date. Not only does this basic phishing scam steal financial data, but the Trojan may also exfiltrate additional information in the background – contacts, text messages, call logs, and more.

If the attackers determine that the target is worth chasing, they could take their attack a step further by generating a fake mobile banking overlay based on the information the victim supplies. They could use this to steal more information or even to trick the victim into initiating fraudulent transfers.

Indian users should keep their phone and data safe by investing in reputable antivirus software. In addition to this, they should not trust random text messages asking them to follow links and download apps. In the case of the Income Tax Department app, they should download it from the official Google Play Store.
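The advice above can also be applied as a triage check on incoming messages, for example in an SMS gateway or a reporting mailbox. The following is an added example, not code from CERT-In or from the original article; the keyword patterns, the verdict names and the sample messages are assumptions constructed for illustration, and the only trusted download host is `play.google.com`.

```python
import re
from urllib.parse import urlparse

# Assumption: only the official Google Play host counts as a trusted source.
TRUSTED_HOSTS = {"play.google.com"}
# Assumption: lure wording is derived from the article's description of the
# messages, not from captured samples.
LURE_RE = re.compile(r"income\s+tax|tax\s+refund", re.I)
INSTALL_RE = re.compile(r"\b(download|install|apk)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def triage_sms(body):
    """Classify one SMS body as 'suspicious', 'review' or 'ok', with reasons."""
    reasons, untrusted = [], set()
    for raw in URL_RE.findall(body):
        parsed = urlparse(raw.rstrip(".,;:)!?"))
        # .hostname drops any userinfo, so "play.google.com@host" resolves to host.
        host = (parsed.hostname or "").lower()
        if host not in TRUSTED_HOSTS:      # exact match: lookalike subdomains fail
            untrusted.add(host)
        if parsed.path.lower().endswith(".apk"):
            reasons.append("direct APK link")
    lure = bool(LURE_RE.search(body))
    install = bool(INSTALL_RE.search(body))
    if lure:
        reasons.append("tax-department lure wording")
    if untrusted:
        reasons.append("link outside Google Play: " + ", ".join(sorted(untrusted)))
    if untrusted and lure:
        return "suspicious", reasons
    if untrusted and install:
        return "review", reasons
    return "ok", reasons


# Constructed sample messages (not real campaign traffic).
SAMPLES = [
    "Income Tax Dept: refund of Rs 15,490 approved. Download app: http://itd-refund.example/app.apk",
    "Tax refund pending, install now https://play.google.com.claim.example/store",
    "Income tax refund: https://play.google.com@claim.example/get",
    "Income Tax Department app: https://play.google.com/store/apps/details?id=com.example.app",
    "Download our new game http://games.example/get",
    "Your OTP is 482913. Do not share it.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage_sms(msg), "<-", msg)
```

The host comparison is an exact match on the parsed hostname, so a lookalike such as `play.google.com.claim.example` or a URL that places `play.google.com` in the userinfo part is still treated as an untrusted link.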

September 24, 2021