Warning by Government: to Android phone users
Government warns and shares tips to all Android phone users to be cautious while using mobile banking apps and not become a victim of online fraud during any transaction.
As we are moving towards technological advancement, our privacy is also at stake and the chances of online frauds are huge, according to the government online fraud is committed using the internet and can involve risks of financial fraud and identity theft.
There are several forms of online theft that are conducted by non-ethical hackers and are sent in the form of viruses or malware that attack the computers, smartphones, and various other gadgets to gain access to personal data to e-mails that lure its targets in linking towards money multiplying sources that show various schemes even of banks.
The Indian Computer Emergency Response Team (CERT-In) is warning all smartphone users especially Android phone users to apply caution against a new malware named 'Drinik' that steals user’s online banking login details. The malware is said to be targeting more than 27 Indian banks including major public and private ones.
How the malware works
After the personal data is entered by the user, the app states that there is an Income Tax refund amount that could be transferred to the bank account of the user, when the person clicks on “transfer”, the app shows error and demonstrates a fake update screen. While the screen for installing updates is shown, Trojan(malware) in the backend sends the user's details including SMS and call logs to the attacker's machine.
As per CERT-In, “These details are then used by the attacker to generate the bank-specific mobile banking screen and render it on the user's device. The user is then requested to enter the mobile banking credentials which are captured by the attacker.” and thus the innocent user gets trapped.
How to stay safe from this malware
According to CERT-In, the best way to prevent the virus is limiting your download from unknown sources or even from the trusted sources like the play store and if absolutely necessary always remember to review app details, number of downloads, user reviews comments, etc. Secondly, Verify in-app permissions and grant only those permissions that do not ask for your call records or messages, and to be absolutely sure try not to surf on un-trusted websites or browse un-trusted links and exercise caution while clicking on the link, look for suspicious numbers that seem fake and with a bit of caution you will be safe from this threat.
