
Banking Trojan Posing as I-T Refund hits 27 Indian Banks

 

A banking Trojan that targets bank customers using Android smartphones has been identified in Indian cyberspace, the country's federal cyber security agency, CERT-In, said in an advisory. The Indian Computer Emergency Response Team (CERT-In) further said that the malware has attacked customers of over 27 public and private sector banks.

The malware appears to masquerade as an 'income tax refund' application, a social-engineering lure that targets personal information, and can 'effectually endanger the confidentiality of sensitive customer information and lead to massive attacks and financial frauds,' CERT-In said, adding: “It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Drinik Android malware.”

Explaining how the attack works, the agency said that the victim receives a link that redirects to a phishing website resembling the website of the tax service. There the victim is prompted to fill in personally identifiable information and to download and install a malicious APK file to finish the requisite verification.

“If the user does not enter any information on the website, the same screen with the form is displayed in the Android application and the user is asked to fill in to proceed,” they said. 

The data the user is asked to fill in includes full name, PAN number, Aadhaar number, permanent address, date of birth, mobile number, and financial information such as bank details, account number, IFSC code, CIF number, debit card number, expiration date, CVV, and PIN.

Once the user has submitted the details, the application claims that a refund amount may be deposited to the user's bank account. When the user enters the amount and selects the "transfer" option, the application shows an error and displays a fake update screen.

While the screen to install the update is displayed, the Trojan forwards the user's information to the attacker.

"These details are then used by the attacker to generate the bank-specific mobile banking screen and render it on the user's machine. The user is then requested to enter the mobile banking credentials which are captured by the attacker," it said. 

The advisory proposes several countermeasures against such attacks and malware: downloading apps only from official app stores, installing the appropriate Android updates and patches, using safe browsing tools, researching a link carefully before clicking on it in a message, and checking for a valid encryption certificate by looking for the green lock in the browser.

India's Top 5 Banks Targeted in a Phishing Scam

 

Customers of State Bank of India (SBI), ICICI, HDFC, Axis Bank, and Punjab National Bank (PNB) have been alerted to a serious security threat. Threat actors are trying to lure Indian users into revealing important private information using the mobile apps of the aforementioned banks. The report says that suspicious messages prompt users to submit an application for disbursement of an income tax refund.

The messages carry a link that looks like an income tax e-filing web page. The suspicious links originate from the US and France, have no domain name, and are not linked with the Indian government, according to an investigation by the New Delhi-based think tank CyberPeace Foundation together with the cybersecurity services firm Autobot Infosec.

Furthermore, the report says that all IP addresses associated with the campaign belong to third-party cloud hosting providers. The entire campaign uses plain HTTP instead of HTTPS. This means that anyone on the network or the internet can intercept the traffic and obtain confidential information in plain text to misuse against the victim.
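The two link traits reported above (a bare IP address instead of a domain name, and plain HTTP) are easy to check automatically when triaging reported messages. The following is an added example, not code from the report or from CERT-In; the function names, the lure keyword list and the sample message texts are assumptions constructed for illustration, and the first sample reuses the defanged URL quoted in this post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Matches http/https URLs, including "hxxp" defanged forms.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s<>\"']+", re.IGNORECASE)
# Assumed keyword list for the tax-refund lure described in this post.
LURE_RE = re.compile(r"income\s+tax|refund|\bITR\b|e-?filing", re.IGNORECASE)

def refang(url):
    """Undo common defanging so the URL can be parsed (it is never fetched)."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("(.)", ".")

def host_is_ip(host):
    """True when the host is an IPv4/IPv6 literal rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage_message(text):
    """Return (url, flags) for every URL found in a message."""
    lure = bool(LURE_RE.search(text))
    findings = []
    for raw in URL_RE.findall(text):
        raw = raw.rstrip(".,;)")  # drop trailing sentence punctuation
        try:
            parts = urlsplit(refang(raw))
        except ValueError:
            findings.append((raw, ["unparseable"]))
            continue
        flags = []
        if parts.scheme.lower() == "http":
            flags.append("plain-http")
        if host_is_ip(parts.hostname or ""):
            flags.append("ip-literal-host")
        if lure and flags:
            flags.append("tax-refund-lure")
        findings.append((raw, flags))
    return findings

# Constructed sample messages; only the first URL comes from this post.
SMS_SUSPICIOUS = ("Your income tax refund is approved. Submit the "
                  "application here: http://204.44.124[.]160/ITR")
SMS_BENIGN = "Your statement is ready at https://portal.example.org/status"

if __name__ == "__main__":
    for sms in (SMS_SUSPICIOUS, SMS_BENIGN):
        print(triage_message(sms))
```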

How do threat actors exploit vulnerabilities?

Threat actors install malware in these banking apps and then lure users into downloading an application from a third-party source instead of the Google Play Store. This application then asks the user to grant it administrator rights and unnecessary permissions on the device.

On opening the link http://204.44.124[.]160/ITR, users are redirected to a landing page that looks similar to the official government income tax e-filing website. The users are then asked to click the green button and proceed to the verification steps. Users are further asked to submit private information such as their full name, PAN number, Aadhaar number, address, PIN code, date of birth, mobile number, email address, gender, marital status, and banking information.

Apart from this, they are also asked to fill in information such as account number, IFSC code, card number, expiration date, CVV, and card PIN. All of this information is ultimately sent to the threat actors.