New Delhi, Tech Desk. A new version of Drinkic Android Trojan has been discovered that can steal some of your important bank details Let us tell you that Drinik is an old malware, which has been in great discussion since 2016. The Indian government earlier issued a warning to Android users about this malware, which steals users’ sensitive information in the name of generating income tax refunds.
Now, a new version of the same malware with EndVass capabilities has been identified by Sybil and is specifically targeting users in India and users of 18 Indian banks. Although the information of all these banks is not yet available, SBI is definitely included among these banks.
Read more- SOVA Malware: SBI and PNB Customers Beware! Your bank account should not be empty anywhere, this malware is stealing your details
New Drinik Android Banking Trojan Found
An advanced version of the Drinik malware has been discovered, which targets users by sending an SMS with the APK file. This includes an app called iAssist, which looks like the official tax management tool of the Income Tax Department of India. Once users install the app on their Android phones, it asks them to grant permission for certain operations. This includes the ability to receive, read and send SMS, read call logs and read and write external storage.
Request permission for access
Next, the app also requests permission to use accessibility services with the intention of disabling Google Play Protect Once a user grants permission, the app gets a chance to perform certain actions without notifying the user about it. With this, the app is capable of navigation gestures, record screen and key presses.
When the app gets all the permissions and access to the functions it wants, it opens a genuine Indian Income Tax website through WebView instead of loading a phishing page. While the site is real, the app uses screen recording with keylogging functionality for users’ login credentials.
Works like this
This app also has the ability to check if the stolen data (User ID, PAN, Aadhaar) is correct. For this, this app checks whether the login is successful or not. Once logged in, a bogus dialog box appears on the screen, stating that the tax agency has assumed that the user is eligible for a refund of Rs 57,100 due to some wrong assumption made earlier. The victim is then given a “Continue” button to get back.
It redirects the user to a phishing page, which looks like a genuine Income Tax Department website. Here, people are asked to enter their financial details, such as account number, credit card number, CVV and card PIN.
Read more- What is the reason for the increase in the price of Apple Music? Find out why here, says Tim Cook
Edited by: Ankita Pandey