New malware attack targeting Android users - Mobile Banking Users Alert!

Cybersecurity agency Indian Computer Emergency Response Team (CERT) has warned that Android mobile users could be subjected to a new type of malware attack.

A new type of malware, The Drinik, has been warned to infiltrate Android phones and steal bank details. The attack is targeting customers of 27 Indian banks, it was reported.

Hackers infiltrate their cell phones by sending fake text messages as the income tax department sends them. The app, which is downloaded after logging into the website address in the SMS, will start tracking the SMS and call details of the cell phone.

Then gradually bank related details including PAN, Aadhaar number, debit card details will be stolen.

How to identify

The agency also shared indicators of compromise (IOC) to better track down the malware.

File Hashes:

103824893e45fa2177e4a655c0c77d3b

28ef632aeee467678b9ac2d73519b00b

78745bddd887cb4895f06ab2369a8cce

8cc1e2baeb758b7424b6e1c81333a239

e60e4f966ee709de1c68bfb1b96a8cf7

00313e685c293615cf2e1f39fde7eddd

04c3bf5dbb5a27d7364aec776c1d8b3b

C2 servers:

jsig.quicksytes[.]com
c4.mypsx[.]net

fcm.pointto[.]us

rfb.serveexchange[.]com

File type: .apk

Spreading URLs:

http://192.3.122[.]195/Refund/iMobile/instantTransfer.apk 
http://192.210.218[.149/fcm/mc/tapp.php?dir=9sp