What we know about a new trojan malware attack targeting Indian mobile banking users

The Indian Computer Emergency Response Team (CERT-In) issued an advisory stating that Drinik Android malware which was masquerading as a portal for Income Tax refund, was targeting Indian online banking users.

It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Drinik android malware. Drinik started as a primitive SMS stealer back in year 2016 and has evolved recently to a banking trojan that demonstrates phishing screen and persuades users to enter sensitive banking information. Customers of more than 27 Indian banks including major public and private sector banks have already been targeted by the attackers using this malware — Indian Computer Emergency Response Team

There has been a spurt in cyber attacks in India, including alleged attacks perpetrated by Chinese state actors. As of today, India still does not have a data protection law and the National Cyber Security Strategy which has been in the pipeline since 2019, has still not been finalised. The proposed strategy will have a clause for claiming cyber insurance, which could help victims of cyber attacks.

How does the malware work?

According to CERT-In —

• First, the victim receives an SMS containing a link to a phishing website (similar to the website of Income Tax Department, Govt. of India)
• The person is asked to enter personal information and download and install the malicious APK file in order to complete verification.
• Data asked includes:
  • PAN
  • Aadhaar number
  • Address
  • Date of birth
  • Mobile number
  • Email address
  • Bank account number, and so on
• After this, the application states that there is a refund amount that could be transferred to the user’s bank account
• The user enters the amount and clicks “Transfer”
• The application shows an error and shows a fake “update” screen.
• While the screen for installing updates is being shown, Trojan in the backend sends the user’s details including SMS and call logs to the attacker’s machine.
• These details are used by the attacker to generate the bank-specific mobile banking screen and render it on the user’s device.
• The user is then requested to enter the mobile banking credentials which are captured by the attacker.

“These attack campaigns can effectively jeopardize the privacy and security of sensitive customer data and result in large scale attacks and financial frauds,” CERT-In said.

Recommendations by CERT-In to mitigate such risks

• Limit download sources to official app stores.
• Prior to installing apps even from Google Play Store, review app details such as number of downloads, user reviews, comments, and the “additional information” section.
• Verify app permissions and grant only those permissions which have relevant context for the app’s purpose.
• Do not check the “Untrusted Sources” checkbox to install side-loaded apps.
• Install Android updates and patches as and when available from Android device vendors.
• Do not browse untrusted websites or follow untrusted links.
• Look for suspicious numbers that don’t look like real mobile phone numbers.
• Do extensive research before clicking on the link provided in the message.
• Install and maintain updated anti-virus and anti-spyware software.
• Use safe browsing tools, filtering tools (antivirus and content-based filtering) in your antivirus, firewall, and filtering services.

Over 6 lakh cybersecurity incidents in 2021 so far

Recently, while responding to a parliamentary question, the Ministry of Electronics and Information Technology (MeitY) revealed that the Indian Computer Emergency Response Team (CERT-In) observed a total of 6,07,220 cybersecurity incidents in the first half of 2021.

In 2020, CERT-In tracked 11,58,208 cybersecurity incidents. The number from January to June this year is on track to beat last year’s number, which was in itself a sharp rise from the 3,94,499 incidents that were tracked in 2019.

In April this year, Sophos, a British IT security company reported that about 52% of Indian companies fell victim to a successful cyber attack in the last 12 months. The report says that the migration to work-from-home owing to the COVID-19 pandemic posed additional challenges to companies’ cybersecurity capabilities.

Advertisement. Scroll to continue reading.

National Cyber Security Strategy in ‘final stages’

In August, while responding to another question asked in the Lok Sabha, the Ministry of Defence said that the government was in the “final stages” of approving the strategy. The new policy will cover —

• Governance and data as a national resource
• Building indigenous capabilities
• Cyber audit
• Drones
• Decentralisation of cybersecurity responsibilities
• Cyber insurance
• Internet of Things
• Ransomware

Currently, India adheres to the National Cyber Security Policy 2013 but the policy is considered to be outdated given the pace of change that has taken place in cyberspace over the last eight years.

Also read:

• 2021 is going to be the year of ransomware: National Cybersecurity Coordinator Lt Gen (Dr) Rajesh Pant – #NAMA
• 416 crores allocated this year to strengthen nation’s cybersecurity, here are some measures taken so far: IT Ministry
• India’s New Defence Cyber Agency – Nidhi Singh, CCG-NLUD
• India’s New Defence Cyber Agency—II: Balancing Constitutional Constraints And Covert Ops?
• ‘National Cyber Security Strategy Will Have Framework For Cyber Insurance’: Rajesh Pant

Have something to add? Post your comment and gift someone a MediaNama subscription.