Malware Alert! This Android virus is targeting data of 18 Indian banks
The Drinik virus is back and now targeting Indian banks. Up to 18 banks are targeted by the latest version of the Drinik virus. The Drinik virus has been on the news since 2016 and now it’s back to haunting. The malware targets Android users and steals sensitive banking details as well as personal details. The issue has been reported by Cyble.
How Drinik Affects Android Users
The latest version of the Drinik virus targets users by sending SMS containing APK files. The APK file is named iAssist. The iAssist app impersonates the official tax management tool of the Indian Tax Department. Once installed, the APK file requires permission to read, receive, and send SMS from the user’s phone. In addition, the application requires permission to read the call log on the user’s phone.
The Drinik malware then asks the user to enable Accessibility Services. When a user turns on Accessibility Services, it disables Google Play Protect, which performs many functions without the user’s knowledge. Drinik can also record the screen, perform navigation gestures, and capture keystrokes.
Once the App gets all the permissions, it opens the Indian Income Tax website through WebView. However, you will be shocked to know that the App opens the Original Indian Income Tax website and is not a scam site. The app uses keyboard recording along with screen recording to use user credentials. As soon as the login occurs, the user will receive an on-screen box indicating that they are eligible for a refund. When the user clicks the Apply button on the screen, they will be directed to a scam page that resembles the original website of the Income Tax Department. Users are now required to enter financial details including account number, credit/debit card number, CVV as well as PIN.