SMISHING and Fake Android app Targets Tax Payers


The Drinik Android malware attack is targeted at Indian banking customers. Disguised as a message for income tax refund, the phishing link sent via SMS tricks users into sharing their sensitive banking information. The recent malware outbreak targeted customers of over 27 Indian private and public sector banks.

How it Works:

  1. Victims get an SMS that looks to be from the income Tax Department. The SMS has a link to a fake website that looks similar to the Income Tax Department website.

  2. The users are then prompted to enter their personal details.

  3. They then download and install APK (Android installer file) to complete the certification.

  4. The malicious app looks like the official Income Tax Department App and asks for permission to access phone contacts, gallery, call logs, and SMS.

  5. The user is then prompted to enter personal information such as name, Aadhar card number, DOB, bank information, credit card number, and details such as CVV, expiration date, and so on.

  6. Once users have shared these details, the application displays that the users have an ITR refund which they can receive in their bank account. The user is then prompted to enter the due amount and select the Transfer button in order to claim the refund.

  7. The malicious code is then executed in the backend, and user data such as SMSs, call    logs, and so on are shared with the attackers.

The attack is highly sophisticated, posing a significant threat to the security of financial systems.

SecurityAdvisor Employee Tips :
Do not download apps from unauthorized sources.
Do not click on links in SMS that lead to a tax refund or free gifts.
Do not share financial information on links received through unauthorized SMS or emails.

Learn how SecurityAdvisor can help your team

Schedule some time to talk with one of our experts and they will show you how we can help your organization.

Request A Demo