In order to obtain financial information, such as account numbers, IFS codes, CIF numbers, debit card numbers, expiration dates, CVV, and PINs, phishing scams pose as income tax refunds. They can obtain full names, PANs, Aadhaar numbers, addresses, dates of birth, and mobile numbers. Additionally, email addresses, call logs, and message logs. A banking Trojan masquerading infection that has been found in Indian cyberspace targets bank customers using Android phones and has already hit more than 27 public and private sector banks. According to the most recent advice from the federal cyber security agency of the nation.

Phishing malware is a social engineering computer virus attack to steal personal data and poses an income tax refund. According to the CERT-In advisory published on Tuesday “effectively jeopardizes the privacy of sensitive customer data. It and can lead to large-scale attacks and financial frauds”.

It has been detected that a new form of mobile banking campaign using Drinik android malware targeting Indian banks users”.

“Drinik originated as a crude SMS thief back in 2016, and it has lately developed into a banking Trojan. The banking trojan displays a phishing screen and tempts users to enter sensitive financial information,” it claimed.


Attackers using this malware have already targeted customers of more than 27 Indian banks, including important public and private sector banks, according to CERT-In.

The Indian Computer Emergency Response Team, also known as CERT-In. The CERT-In is the federal government’s technical arm for defending the internet from online threats like phishing and hacker attacks.

Attack process

According to the report, the victim receives an SMS containing a link to a phishing website (resembling Income Tax Department). On that website, they are prompted to submit personal data and download and install the malicious APK file in order to complete verification.

This malicious Android app poses as the Income Tax Department app during installation and requests access. Especially to SMS, call logs, contacts, and other information. The android application would present the same screen with the form and prompt the user to fill it out before moving forward if they do not provide any information on the website, it claimed.

Full name, PAN, Aadhaar number, address, date of birth, cellphone number, email address. Also, financial information like account number, IFS code, CIF number, debit card number, expiration date, CVV, and PIN.

It claimed that after the user enters this information, the programme indicates that a refund may be paid to the user’s bank account.

The application displays an error and a false update screen when the user enters the amount and clicks “Transfer.”

The Trojan transfers user information, including SMS and call logs, to the attacker’s workstation “while the screen for installing the update is presented,” according to the statement.

“The attacker uses these details to create the bank-specific mobile banking screen and display it on the user’s computer. The user is then prompted to enter the attacker’s stolen mobile banking credentials, according to the statement.


Few preventative measures to protect against such attacks and malware, including always downloading apps from official app stores. Also, install the proper Android updates and patches as and when they become available. Use safe browsing tools, and conduct extensive research before clicking on any links included in messages. And keep an eye out for valid encryption certificates by looking for the green lock in the address bar of the browser before sharing sensitive personal data.

Additionally, it urged customers to immediately notify their bank of suspicious activities and to file a complaint with CERT-In.