Customers of 18 banks, including SBI, are at risk, and some of their important bank details can be stolen. Indian bank users currently face a serious threat: a new version of the Drinik Android trojan has been discovered, and this version can steal some of your important bank details.
Drinik is an old malware that has been in the news since 2016. The Indian government had earlier warned Android users about this malware, which steals users’ sensitive information under the pretext of an income tax refund. Now another version of the same malware, with advanced capabilities, has been identified by Cyble. According to the report, the malware is targeting Indian users, specifically customers of 18 Indian banks, and SBI users are among those targeted.
Drinik Android Banking Trojan:
An upgraded version of the Drinik malware has been identified, which targets users by sending an SMS with an APK file. The APK contains an app called iAssist, which mimics the official tax management tool of India’s Income Tax Department. After users install the app on their Android phones, it asks them for permission for certain activities, including reading and sending SMS, reading call logs, and reading and writing to internal storage.
Then the app requests permission to use accessibility services, with the aim of disabling Google Play Protect. Once the user grants this, the app can perform actions without the user’s knowledge: it is able to capture navigation gestures, record the screen, and log key presses. When the app has all the permissions and access to the functions it wants, it opens the real Indian Income Tax website through a WebView instead of loading a phishing page. The app then uses screen recording together with keylogging to capture users’ login credentials.
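The permission pattern described above can be checked for when triaging a sideloaded APK. The following is an added example, not code from the article or from the report it cites: it reads a decoded (text) AndroidManifest.xml and flags SMS, call-log and storage access combined with a declared accessibility service. The mapping from the article's wording to Android permission names is an assumption, and the sample manifests, package names and service name are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
P = "android.permission."
# Assumption: the article's plain-language permissions mapped to Android names.
GROUPS = {
    "reads and sends SMS": {P + "READ_SMS", P + "SEND_SMS"},
    "reads call logs": {P + "READ_CALL_LOG"},
    "reads and writes storage": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
}
A11Y = P + "BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml):
    """Flag the permission combination described above in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    findings = [label for label, perms in GROUPS.items() if perms <= requested]
    # An accessibility service is a <service> protected by BIND_ACCESSIBILITY_SERVICE.
    services = [s.get(A + "name") for s in root.iter("service")
                if s.get(A + "permission") == A11Y]
    return {
        "package": root.get("package"),
        "findings": findings,
        "accessibility_services": services,
        # SMS access plus an accessibility service is the pairing worth escalating.
        "high_risk": bool(services) and "reads and sends SMS" in findings,
    }

def _manifest(package, perms, service_xml=""):
    """Build a minimal manifest string for the constructed samples below."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application>{service_xml}</application></manifest>')

# Constructed sample manifests (hypothetical package and service names).
SUSPECT = _manifest(
    "com.example.taxhelper",
    ["READ_SMS", "SEND_SMS", "READ_CALL_LOG", "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"],
    f'<service android:name=".AssistService" android:permission="{A11Y}"/>')
BENIGN = _manifest("com.example.notes", ["READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

A `high_risk` result is a reason to inspect the app further, not a verdict; legitimate apps can request some of these permissions individually.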
Fake dialog box:
The app also has the ability to check whether the login was successful and whether the data it is stealing (User ID, PAN, Aadhaar) is correct. Once the user is logged in, a fake dialog box is displayed on the screen. It offers an Apply button to get a refund, which sends users to phishing pages. There, they are asked to fill in their financial details. To stay away from Drinik and other Android viruses, avoid downloading any app from third-party websites or SMS. Search for apps directly on the Google Play Store or Apple App Store.