"Users of 18 Indian Banks Now Targeted by Drinik Android Malware"

A new variant of the Drinik Android malware is now targeting 18 Indian banks while masquerading as the country's official tax management app in order to steal victims' personal information and login credentials. Drinik, an SMS stealer that has been spreading in India since 2016, gained banking Trojan characteristics in September 2021, sending victims to phishing URLs that target 27 financial institutions. According to Cyble analysts who have been monitoring the situation, the malware's creators have transformed it into a full Android banking Trojan with screen recording, keylogging, Accessibility Service abuse, and the ability to conduct overlay attacks.

The most recent iteration of the malware is distributed as an APK file called "iAssist," which presents itself as the official tax administration tool of India's Income Tax Department. Upon installation, it demands access to read the user's call history, read and write to external storage, and receive, read, and send SMS. The user is then prompted to grant the app permission to use the Accessibility Service. If this is allowed, the malware disables Google Play Protect and uses the Accessibility Service to record the screen, record keystrokes, and perform navigational gestures.

Instead of loading phishing sites, the program eventually opens the real Indian income tax website through WebView and steals user credentials by recording the user's screen and employing a keylogger. Drinik also checks whether the victim arrived at a URL that indicates a successful login, to confirm the validity of the exfiltrated information. The victim is then presented with a fake dialogue box claiming that the tax authority has determined that they are entitled to a refund due to prior tax calculation errors and inviting them to click the "Apply" button. The victims are then asked to enter financial information, such as account numbers, credit card numbers, CVVs, and card PINs, on a phishing page that looks exactly like the official Income Tax Department website.
This article continues to discuss the Drinik Android malware.
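For app-vetting triage, the permission pattern described above can be checked in a manifest that has already been decoded to text XML. The following is an added example, not code from the article or from Cyble; the package names, service name and sample manifests are constructed, and the rule (all listed permissions plus a declared accessibility service) is an assumption drawn from the summary rather than a published signature.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
GROUPS = {  # permission requests named in the summary above
    "sms": {P + "RECEIVE_SMS", P + "READ_SMS", P + "SEND_SMS"},
    "call_log": {P + "READ_CALL_LOG"},
    "storage": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
}
A11Y_BIND = P + "BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml):
    """Flag a decoded manifest that requests every group and declares an accessibility service."""
    # Manifests from unknown APKs are untrusted input; a hardened
    # parser such as defusedxml is preferable in production.
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    hits = {group: sorted(perms & requested) for group, perms in GROUPS.items()}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    services = [s.get(NS + "name") for s in root.iter("service")
                if s.get(NS + "permission") == A11Y_BIND]
    flagged = all(GROUPS[g] <= requested for g in GROUPS) and bool(services)
    return {"package": root.get("package"), "hits": hits,
            "accessibility_services": services, "flagged": flagged}

def _manifest(package, perms, service_xml=""):
    # Builds a constructed sample manifest (not taken from any real APK).
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application>%s</application></manifest>'
            % (package, uses, service_xml))

ALL_PERMS = sorted(set().union(*GROUPS.values()))
SUSPECT = _manifest(
    "com.example.taxhelper", ALL_PERMS,
    '<service android:name=".HelperService" android:permission="%s"/>' % A11Y_BIND)
SMS_ONLY = _manifest("com.example.messenger", sorted(GROUPS["sms"]))

if __name__ == "__main__":
    for sample in (SUSPECT, SMS_ONLY):
        result = triage_manifest(sample)
        print(result["package"], "flagged" if result["flagged"] else "ok",
              result["accessibility_services"])
```

A match is a prompt for manual review, not a verdict: legitimate apps can request the same permissions, and the check does not read binary (undecoded) manifests.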

CyberIntelMag reports "Users of 18 Indian Banks Now Targeted by Drinik Android Malware"

Submitted by Anonymous on