What we know about a new trojan malware attack targeting Indian mobile banking users

An alert sent by Indian CERT told users how to avoid falling victim to the malware which is posing as an Income Tax refund portal.

The Indian Computer Emergency Response Team (CERT-In) issued an advisory stating that the Drinik Android malware, masquerading as an Income Tax refund portal, was targeting Indian online banking users.

“It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Drinik Android malware. Drinik started as a primitive SMS stealer back in year 2016 and has evolved recently to a banking trojan that demonstrates phishing screen and persuades users to enter sensitive banking information. Customers of more than 27 Indian banks including major public and private sector banks have already been targeted by the attackers using this malware.” — Indian Computer Emergency Response Team

There has been a spurt in cyber attacks in India, including alleged attacks perpetrated by Chinese state actors. As of today, India still does not have a data protection law, and the National Cyber Security Strategy, which has been in the pipeline since 2019, has still not been finalised. The proposed strategy will have a clause for claiming cyber insurance, which could help victims of cyber attacks.

How does the malware work?

According to CERT-In —

  • First, the victim receives an SMS containing a link to a phishing website (similar to the website of the Income Tax Department, Govt. of India).
  • The person is asked to enter personal information and download and install the malicious APK file in order to complete verification.
  • Data asked includes:
    • PAN
    • Aadhaar number
    • Address
    • Date of birth
    • Mobile number
    • Email address
    • Bank account number, and so on
  • After this, the application states that there is a refund amount that could be transferred to the user’s bank account.
  • The user enters the amount and clicks “Transfer”.
  • The application shows an error and then displays a fake “update” screen.
  • While the screen for installing updates is being shown, the Trojan in the backend sends the user’s details, including SMS and call logs, to the attacker’s machine.
  • These details are used by the attacker to generate the bank-specific mobile banking screen and render it on the user’s device.
  • The user is then requested to enter the mobile banking credentials which are captured by the attacker.

“These attack campaigns can effectively jeopardize the privacy and security of sensitive customer data and result in large scale attacks and financial frauds,” CERT-In said.

Recommendations by CERT-In to mitigate such risks

  • Limit download sources to official app stores.
  • Prior to installing apps even from Google Play Store, review app details such as number of downloads, user reviews, comments, and the “additional information” section.
  • Verify app permissions and grant only those permissions which have relevant context for the app’s purpose.
  • Do not check the “Untrusted Sources” checkbox to install side-loaded apps.
  • Install Android updates and patches as and when available from Android device vendors.
  • Do not browse untrusted websites or follow untrusted links.
  • Look for suspicious numbers that don’t look like real mobile phone numbers.
  • Do extensive research before clicking on the link provided in the message.
  • Install and maintain updated anti-virus and anti-spyware software.
  • Use safe browsing tools, filtering tools (antivirus and content-based filtering) in your antivirus, firewall, and filtering services.
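
The permission check recommended above can be automated before an APK is ever installed. The following is an added example, not code from CERT-In or the original article: it reads an already-decoded text `AndroidManifest.xml` and reports permissions that expose SMS and call logs, the data the article says Drinik sends to the attacker, when the app's stated purpose does not call for them. The sample manifest, the package name `com.example.refundapp` and the sensitive-permission mapping are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Permissions covering the data the article says is exfiltrated (SMS, call logs).
# This mapping is the example's own assumption, not a list published by CERT-In.
SENSITIVE = {
    "android.permission.READ_SMS": "read stored SMS, including bank OTPs",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.READ_CALL_LOG": "read call history",
}

# Constructed sample: decoded manifest of a hypothetical "refund" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.refundapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CALL_LOG"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Collect every permission name the manifest declares."""
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(NAME_ATTR)
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, expected):
    """Return {permission: risk} for sensitive permissions outside `expected`."""
    requested = requested_permissions(manifest_xml)
    return {p: SENSITIVE[p] for p in sorted(requested)
            if p in SENSITIVE and p not in expected}

if __name__ == "__main__":
    # A form-filling refund app has no evident need beyond network access.
    for perm, risk in audit(SAMPLE_MANIFEST, {"android.permission.INTERNET"}).items():
        print(f"UNEXPECTED {perm}: {risk}")
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text before a check like this can read it.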

Over 6 lakh cybersecurity incidents in 2021 so far

Recently, while responding to a parliamentary question, the Ministry of Electronics and Information Technology (MeitY) revealed that the Indian Computer Emergency Response Team (CERT-In) observed a total of 6,07,220 cybersecurity incidents in the first half of 2021.

In 2020, CERT-In tracked 11,58,208 cybersecurity incidents. The number from January to June this year is on track to beat last year’s number, which was in itself a sharp rise from the 3,94,499 incidents that were tracked in 2019.

In April this year, Sophos, a British IT security company, reported that about 52% of Indian companies fell victim to a successful cyber attack in the last 12 months. The report says that the migration to work-from-home owing to the COVID-19 pandemic posed additional challenges to companies’ cybersecurity capabilities.

National Cyber Security Strategy in ‘final stages’

In August, while responding to another question asked in the Lok Sabha, the Ministry of Defence said that the government was in the “final stages” of approving the strategy. The new policy will cover —

  • Governance and data as a national resource
  • Building indigenous capabilities
  • Cyber audit
  • Drones
  • Decentralisation of cybersecurity responsibilities
  • Cyber insurance
  • Internet of Things
  • Ransomware

Currently, India adheres to the National Cyber Security Policy 2013 but the policy is considered to be outdated given the pace of change that has taken place in cyberspace over the last eight years.

Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
