Trojan posing as I-T refund attacking Android users

According to India’s federal cyber security agency, CERT-In, a banking Trojan malware has been detected in Indian cyberspace. This trojan is lurking to attack bank customers using Android phones.


  • As per Indian Computer Emergency Response Team (CERT-In), Trojan malware has already targeted customers of more than 27 public and private sector banks.
  • The phishing malware is posing as an “income tax refund”. It can jeopardise the privacy of sensitive customer data and led to a large-scale attacks and financial frauds.
  • Phishing is a social engineering computer virus attack to steal personal data.

How this Malware attack users?

In the first instance, user receives an SMS comprising of a link to a phishing website which is similar to the website of Income Tax Department. On the website, users are asked to enter personal information, download and install the malicious APK file to complete the required verification. If user does not enter any information on the website, same screen with the form is displayed in Android application where users are asked to fill in to proceed.

Data asked to fill the application

Data that are required to be filled includes full name, address, date of birth, mobile number, email address, PAN, Aadhaar number and financial details like account number, CIF number, IFS code, debit card number, expiry date, CVV and PIN.

What happens next?

Once the details are entered by the user, application states that there is a refund amount that could be transferred to the bank account of user. When the user enters amount and clicks transfer, application shows an error and demonstrates a fake update screen. When the screen for installing update is shown, Trojan sends user’s details to the attacker’s machine, in the backend.




Latest E-Books