There are many threats when browsing the Internet, and many types of malware and viruses can put our computers at risk. Keep in mind that the operating system or platform we use does not matter: we can fall victim to this type of attack in any circumstance. For this reason, it is important to understand how banking Trojans work. They are an increasingly common type of threat, and today we will look at one called Drinik.

Bear in mind that we live in a time in which cyber attacks are very present and, in many cases, booming. It is true that security tools have improved at detecting and preventing problems. However, hackers also refine their techniques to carry out their attacks.

The new banking malware, called Drinik, has evolved from a primitive SMS stealer in 2016 into a banking Trojan that persuades users to enter sensitive banking information. This attack campaign can effectively compromise the security of sensitive customer data and lead to large-scale attacks and financial fraud.

CERT described the Drinik malware attack on its website. The post said that the victim first receives an SMS with a link to a phishing website (the link is similar to the website of the income tax department). After clicking the link, the customer is asked to enter personal information and then to download a malicious APK file to complete the verification.

After the installation is complete, the application asks the user to grant permissions such as SMS, call logs, contacts, etc. Users are then asked to enter personal information, including full name, PAN card details, Aadhaar details, address, date of birth, mobile number and email address, along with bank details such as CVV number, IFSC code, etc. If the user does not enter any information, the same form screen is displayed again and the user is asked to complete it to continue.

Later, the application says that there is a refund amount that could be transferred to your bank account. That alone should sound suspicious, so be wary of messages like this or ignore them. When the user enters the refund amount and clicks the “Transfer” option, the application displays an error followed by a fake update screen. While the update screen is shown to the user, the Trojan transfers all the data in the background, including the user’s SMS and call log details, to the attacker’s machine.
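The install-then-request-permissions flow described above can be checked for on managed devices. The following is an added example, not code from the original article or from CERT: it flags sideloaded apps that hold SMS, call-log and contacts access together. The inventory layout, the package names and the trusted-installer list are assumptions constructed for illustration.

```python
import json

# Permission groups matching what the article says the app requests.
GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "contacts": {"android.permission.READ_CONTACTS"},
}
# Assumption: only the Play Store counts as a trusted installer here.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample inventory; the JSON layout is hypothetical (e.g. an MDM export).
SAMPLE_INVENTORY = json.dumps([
    {"package": "com.example.taxrefund", "installer": None,
     "granted": ["android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                 "android.permission.READ_CALL_LOG", "android.permission.READ_CONTACTS"]},
    {"package": "com.example.messenger", "installer": "com.android.vending",
     "granted": ["android.permission.READ_SMS", "android.permission.READ_CALL_LOG",
                 "android.permission.READ_CONTACTS"]},
    {"package": "com.example.flashlight", "installer": "com.example.browser",
     "granted": ["android.permission.READ_SMS"]},
    {"package": "com.example.notes", "installer": None, "granted": []},
])


def granted_groups(app):
    """Return the sensitive groups from which this app holds at least one permission."""
    perms = set(app.get("granted") or [])
    return {name for name, members in GROUPS.items() if perms & members}


def triage(inventory_json):
    """Flag sideloaded apps: 'high' for all three groups, 'review' for SMS without the full set."""
    findings = []
    for app in json.loads(inventory_json):
        if app.get("installer") in TRUSTED_INSTALLERS:
            continue  # store-installed apps are out of scope for this check
        groups = granted_groups(app)
        if groups == set(GROUPS):
            severity = "high"
        elif "sms" in groups:
            severity = "review"
        else:
            continue
        findings.append({"package": app["package"], "severity": severity,
                         "groups": sorted(groups)})
    return findings
```

Calling `triage(SAMPLE_INVENTORY)` returns one "high" finding for the sideloaded app holding all three permission groups and one "review" finding for the sideloaded app with SMS access only.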
