Government agency warns bank customers about malware that steals money

0


[ad_1]

According to the country’s Nodal Cyber ​​Security Agency, customers of more than 27 Indian banks, including major public and private sector banks, have been targeted with the help of this malware.

India’s Computer Emergency Response Team (CERT-In) has issued an advisory to bank customers regarding Android malware that steals information and money.

(Subscribe to our Today’s Cache newsletter for a quick rundown of the 5 best tech stories. Click here to subscribe for free.)

Called Drink, the new banking malware has grown from a primitive SMS thief in 2016 to a banking Trojan that tricked users into entering sensitive banking information.

The attack campaign can effectively compromise the security of sensitive customer data and lead to large-scale attacks and financial fraud.

According to the country’s Nodal Cyber ​​Security Agency, customers of more than 27 Indian banks, including major public and private sector banks, have been targeted with the help of this malware.

The malicious app disguises itself as an income tax department app and asks users for permissions for a user’s SMS, call logs, and contacts. If the user has not filled in the information earlier, the same page is displayed on the app and they are asked to fill in to continue.

The information includes personal information such as full name, PAN, Aadhar number, address, date of birth, cell phone number and email address. It also requires financial information in the form of account number, IFS code, CIF number, debit card number, expiration date, CVV and PIN.

Once a user enters this information, the app indicates that a refund amount could be transferred to their account. When the user clicks on “Forward”, the application displays an error and displays a fake update screen.

During this time, the Trojan sends the user’s details to the attacker who then uses the information to generate a bank-specific mobile banking screen and display it on the user’s device. The user is then prompted to enter mobile banking information which is then captured by the attacker.

How to avoid falling victim to such an attack

In its advisory, CERT-in advised users to limit their download sources to official app stores and review app details as well as permissions requested by the app. It suggests users to install Android updates and patches and not to click on suspicious website domains and URLs, and not to enter your critical information on any website without ensuring its legitimacy.

Customers should look for suspicious numbers that don’t look like real cell phone numbers, as crooks hide behind text messaging services to avoid revealing their real phone number.

If any suspicious activity is observed on a user’s account, the user should immediately report it to their respective bank.

[ad_2]

Leave A Reply

Your email address will not be published.