The Indian Computer Emergency Response Team (CERT-In) has warned Android smartphone users about a new malware named Drinik. This malware steals the information of online banking login of the users . In a Gadgets Now report, Dainik malware is being told that it is declaring more than 27 Indian banks. Here we are giving you complete information about this malware.
What is the new Drinik Android malware?
According to CERT-IN, Drinik Android malware has been made to target Indian banking users, which is being shared in the name of income tax refund. Users submit their banking information in the name of income tax refund, making them a victim of fraud.
How is this malware reaching the Android phone?
Regarding Drinik, CERT-In says that people are getting links about this malware through SMS. The website to which this link belongs looks like the site of Income Tax Department. Here users are asked to fill their complete information. Along with this, it is asked to download the APK link for verification. In this way this malware is reaching the Android Smartphone.
How does this malware work?
As soon as the user downloads the APK link and installs the app, it is first asked to accept permissions such as messages, call logs and contacts. It then asks the users to fill in their details, thereby asking the hackers to share the complete information of the users.
What information on Drinik asks?
This malware asks the user for information such as name, Aadhaar number, address, date of birth, mobile number, email’s financial details such as – bank account number, IFSC code, CIF number, debit card number, expiry date, CPP and PIN.
How this malware breaks into bank account
Once the user’s personal information is submitted, the app shows the page where the income tax refund amount is transferred from the user to the bank account. Here, as soon as the user enters the amount and clicks on the transfer button, this app shows an error and shows an update page. At the same time, this app transfers the SMS and call logs of the users from the backend to the hacker, which makes the users a victim of fraud.
How to avoid
- Android smartphone users should not download apps from any unknown sources to avoid fake apps. CERT-In also says that users should download the app only from the official app store.
- Before installing any app, you should check it in detail.
- Do not share your personal information on any website.
- Do not open links found on messages and WhatsApp.