Curiosity to stay up to date on coronavirus pandemic related information can empty your bank account in case you are not aware of a trojan (malicious software or malware) floating around via SMS, the Central Bureau of Investigation (CBI) has warned.
In an alert to all states, union territories and central agencies, the CBI said a malicious software that uses updates related to the coronavirus pandemic could steal all financial data stored in mobile phones, including credit card or debit card details.
The CBI warning comes in the wake of input from the Interpol on a banking trojan called Cerberus. The malicious software takes advantage of the COVID-19 pandemic and sends an SMS to the user saying it would provide the COVID-19 related information. When the user clicks on the link, it installs a hidden malicious app in the mobile phone and extracts sensitive data, including bank account details.
The CBI says the trojan primarily focuses on stealing financial data such as credit card numbers. "In addition, it can use overlay attacks to trick victims into providing personal information and can capture two-factor authentication details," CBI warned.
The stolen data is used to carry out unauthorised transactions. Notably, several financial frauds are also taking place in India amid the coronavirus pandemic. The CBI had initially warned police departments across the country about the trojan in April, asking them to alert hospital authorities in their areas. As per the CBI's Interpol division's April 7 note, cybercriminals are using ransomware to hold medical facilities "digitally hostage" by preventing them from accessing vital files and systems until a "ransom" is paid.