What is Drinik Android Malware?

By Ground report

Ground Report | New Delhi: Cases of banking scams are increasing rapidly in the country. With this in mind, the Central Government's Indian Computer Emergency Response Team (CERT-In) has issued a warning about a new malware named Drinik.

Through this new malware, hackers have tried to steal the banking login details of Android users. It is said that this malware has targeted more than 27 public and private sector Indian banks.

What is Drinik Android Malware?

According to CERT-In, Drinik is an Android malware. Hackers use it to steal sensitive banking information, and it relies on phishing tricks to target people.

  • When the user enters the amount and clicks on the transfer button, the application shows an error and displays a fake update screen. Meanwhile, in the background, the hacker steals the user's personal information, such as SMS and call logs, through the malware.
  • According to CERT-In, "Using such information, the hacker generates a banking form and presents it on the user's device. The user is then requested to enter the mobile banking credentials. Thereafter, all the user's information reaches the hacker."

Attack process

Explaining how Drinik works, CERT-In has said that the victim receives an SMS about an income tax refund, which contains a malicious link. The victim is asked to enter personal information at this link and download the APK file. In this way, the malware gets installed on the phone. It is worth noting that the interface of this app is similar to the mobile app of Income Tax.

  • It added that the victim receives an SMS containing a link to a phishing website (similar to the Income Tax Department website), where they are asked to enter personal information and to download and install a malicious APK file to complete verification.
  • “This malicious Android app masquerades as an Income Tax Department app and after installation, the app asks the user to give necessary permissions like SMS, Call Log, Contacts, etc. In case the user does not enter any information on the website, the form with the same screen is displayed in the Android application and the user is asked to fill in to proceed,” it said.
  • The data to be filled in includes full name, PAN, Aadhaar number, address, date of birth, mobile number, email address and financial details like account number, IFS code, CIF number, debit card number, expiry date, CVV and PIN.

Ways to avoid malware

  • CERT-In says to always download mobile apps from the Google Play Store or App Store to avoid any virus or malware. These platforms are less likely to contain malware apps. This keeps your device safe from hackers.
  • Hackers sometimes send phishing messages to hack the device. These messages contain malicious links, with the help of which hackers can easily crack the phone's security and install viruses.
  • Such messages should be deleted immediately. Also, always remember not to open the link given in such a message.

File Hashes:

C2 servers:

jsig.quicksytes<.>com 

c4.mypsx<.>net

fcm.pointto<.>us

rfb.serveexchange<.>com

File Type: .apk

Spreading URLs:

http://192.3.122<.>195/Refund/iMobile/instantTransfer.apk

http://192.210.218<.>149/fcm/mc/tapp.php?dir=9sp
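The C2 servers listed above are published in defanged form (`<.>`), so they have to be refanged before they can be matched against logs. As an added example (not from CERT-In or Ground Report), this Python code refangs them and flags DNS queries for a listed domain or any of its subdomains; the log format, the log lines and the function names are constructed for illustration.

```python
import re
from typing import Optional

# Defanged C2 domains exactly as listed on this page.
DEFANGED_C2 = [
    "jsig.quicksytes<.>com",
    "c4.mypsx<.>net",
    "fcm.pointto<.>us",
    "rfb.serveexchange<.>com",
]

def refang(indicator: str) -> str:
    """Restore a defanged indicator; tolerates a missing closing bracket."""
    return re.sub(r"[<\[(]\.[>\])]?", ".", indicator.strip().lower())

C2_DOMAINS = {refang(d) for d in DEFANGED_C2}

def matches_c2(hostname: str) -> Optional[str]:
    """Return the listed domain if hostname is that domain or a subdomain of it."""
    host = hostname.strip().rstrip(".").lower()  # drop the DNS root dot, ignore case
    for domain in C2_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def sample_log() -> list:
    """Constructed DNS query log: timestamp, client IP, queried name."""
    a, _, c, d = (refang(x) for x in DEFANGED_C2)
    return [
        "2024-01-01T10:01:07Z 10.0.4.21 www.example.org.",
        f"2024-01-01T10:01:09Z 10.0.4.21 {a}.",             # exact match
        f"2024-01-01T10:02:30Z 10.0.4.37 api.{c.upper()}",  # subdomain, mixed case
        f"2024-01-01T10:02:31Z 10.0.4.37 {c}.example.org",  # listed name as prefix: no hit
        f"2024-01-01T10:03:02Z 10.0.4.40 x{d}",             # look-alike label: no hit
    ]

def scan(lines) -> list:
    """Return (client_ip, queried_name, matched_domain) for every C2 hit."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        domain = matches_c2(qname)
        if domain:
            hits.append((client, qname, domain))
    return hits

if __name__ == "__main__":
    for client, qname, domain in scan(sample_log()):
        print(f"{client} queried {qname} (listed C2: {domain})")
```

Matching on a label boundary (`"." + domain`) rather than a bare substring is what keeps the last two constructed lines from producing false positives.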
