Beware of trojan malware attack, MeitY warns customers of major banks

CERT-In says that if any such suspicious activity is noticed by users they should immediately report with relevant details to incident@cert-in.org.in.

CERT-In explained about the malware attack on its website. The post said that the victim first receives an SMS having a link to some phishing website (the link is similar to that of the Income Tax department’s website). After the customer clicks on the link, he/she is asked to enter personal information and then download the malicious APK file in order to complete the verification.

After the installation is completed, the app asks the user to grant some permissions like SMS, call logs, contacts, etc. The users are then asked to enter data like personal information including the full name, PAN Card details, Aadhaar details, address, date of birth, mobile number, email address, and other bank details like CVV number, IFSC code, etc.  If the user doesn’t enter any sort of information, the same screen with the form is displayed and he/she is asked to fill in to proceed further.

After the details are entered, the application says that there is a refund amount that could be transferred to their bank account. When the user enters the refund amount and clicks on the “Transfer” option, the app shows an error and displays a fake update screen.

While the screen for installing updates is shown to the user, Trojan malware at the backend transfers all the data including the user’s SMS and call log details to the attacker’s machine. All these details are then used by attackers to show relevant mobile banking screen on the user’s device. When the user enters the mobile banking details, they are captured by the attacker.