Drinik Virus: Reports say that a new version of the Drinik Android trojan has been found, and it can steal some of your important bank information. Malware called Drinik has been in the news since 2016. The Indian government had warned Android users before that this malware was stealing sensitive information from users in order to get income tax refunds.
Drinik malware attacks 18 Indian banks
Now, Cyble has found a more advanced version of the same malware that is specifically going after users in India and those who use 18 specific Indian banks.
At the moment, we know for sure that Drinik is going after people who use SBI.
A newer version of the Drinik malware has been found. It sends an SMS with an APK file to users. It comes with an app called iAssist that pretends to be the official tax management tool for India’s Income Tax Department. Once the app is installed on an Android phone, it will ask the user for permission to do certain things. These include the ability to receive, read, and send SMS, read the call log, and read and write to external storage.
The app then asks for permission to use the Accessibility Service in order to turn off Google Play Protect. Once a user gives permission, the app can do certain things without telling the user. The app can use gestures to move around, record the screen, and record key presses.
When the app has all the permissions and access it needs to do what it wants to do, it opens a real Indian income tax website through WebView instead of a phishing page, which is what it used to do. Even though the site is real, the app records users’ screens and logs what they type to get their login information.
A new Android version of Drinik can steal card data
The application also has the capability to check if the login was successful in order to guarantee that the data (user ID, PAN, and Aadhar) that it is stealing is correct. The story isn’t over yet, though. After the user logs in, a fake dialogue box appears on the screen saying that the tax agency has found that the user is entitled to a Rs 57,100 refund because of mistakes made in the past. The victim is then given a button that says “Apply” to get the money back.
This sends the user to a fake-looking page that looks like it belongs to the Income Tax Department. Here, people are asked to enter their financial information, such as their account number, credit card number, CVV, and card PIN.
Cyble showed that the app also has a code for abusing the Call Screening Service, which means that it can stop incoming calls without the user knowing. Also, the source said that some strings in the APK file “are encrypted to avoid being found by antivirus products, and the malware uses a custom decryption logic to decrypt them during run time.”
How to avoid Android malware like Drinik?
- Don’t give an unknown app access to your SMS and call log. In fact, not all apps need this permission to do even the most basic things. So, people should be careful
- Don’t get apps from third-party websites or text messages. People should check out the apps on Google Play Store or Apple’s App store.
- The new version of Drinik uses the Accessibility Service, so Android phone users should make sure they don’t give it permission to use it.
- If you get an important link, SMS, or email from your bank, you should double-check it by going to the bank’s official website. You shouldn’t check it through any other source.
Keep watching our YouTube Channel ‘DNP INDIA’. Also, please subscribe and follow us on FACEBOOK, INSTAGRAM, and TWITTER.