Data of customers of SBI and 17 other banks is at risk. Here are the details


An updated version of the Drinik malware has been found putting the data of customers of 18 banks at risk. According to Cyble analysts (via BleepingComputer), the malware has emerged as an Android trojan that can steal important personal details and banking credentials. For those who don't know, Drinik is malware that has been plaguing the banking industry since 2016. Later it worked as an SMS stealer, but now it has added banking trojan features. In its new form, it is capable of screen recording, keylogging, abusing Accessibility services, and performing covert attacks.

How does the Drinik Android Trojan target customers?

According to the report, the latest version of the Drinik malware comes in the form of an APK called iAssist. iAssist is the official tax management tool of the Indian tax department, which the malicious APK impersonates. When installed on a device, the APK requests permission to read, receive and send SMS, as well as to read the user's call log. It also requests permission to read and write to external storage.

Like other banking trojans, Drinik relies on the Accessibility Service. Upon launch, the malware asks the victim for these permissions, followed by a request to enable the Accessibility Service. It then disables Google Play Protect and starts performing automatic actions and blocking keystrokes.

Next, it loads the real Indian income tax website instead of showing fake phishing pages. Before showing the login page to the victim, the malware displays a confirmation screen for biometric verification. When the victim enters a PIN, the malware steals the biometric PIN and records the screen using MediaProjection while also capturing keystrokes. The stolen details are then sent to the C&C server.

What is alarming is that in the latest version of Drinik, the threat actor (TA) only targets victims with legitimate income tax website accounts. When the victim successfully logs into the account, the malware displays a fake dialog box on the screen with the following message:

Our database shows that you are eligible for an immediate tax refund 57,100 – from your previous tax calculations till date. Click Apply to apply instantly and receive your refund in your registered bank account within minutes.

When the user clicks the Apply button, they are redirected to a phishing site. The victim is then prompted to submit personal details such as full name, Aadhaar number, PAN number, and other details, along with financial information, which includes account number, credit card number, CVV, and PIN. The stolen data is sent back to the C&C servers.

Drinik targets banks

The Drinik trojan uses the Accessibility Service to watch for events related to the targeted banking applications. Drinik also abuses the "CallScreeningService" to disable incoming calls to intercept logins and steal data. According to the report, the malware targets customers of 18 banks, SBI being one of them.
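
The permission and service combination described above can be used as a triage heuristic when reviewing a sideloaded APK. The following is an added example, not code from the Cyble report or from this article: it assumes the manifest has already been decoded to text XML, uses Android's standard permission constants for the permissions the article describes in words, and the function names and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Permissions the article says the fake iAssist APK requests.
REQUESTED = {P + n for n in (
    "READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CALL_LOG",
    "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE")}
# Service bindings behind the Accessibility Service and CallScreeningService use.
BINDINGS = {
    P + "BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    P + "BIND_SCREENING_SERVICE": "call screening service",
}

def triage(manifest_xml):
    """Return (matched_permissions, matched_service_kinds, flagged)."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    kinds = {BINDINGS[s.get(ANDROID + "permission")]
             for s in root.iter("service")
             if s.get(ANDROID + "permission") in BINDINGS}
    matched = sorted(REQUESTED & perms)
    # Flag only the full combination: SMS + call log + storage + accessibility.
    flagged = REQUESTED <= perms and "accessibility service" in kinds
    return matched, sorted(kinds), flagged

def sample_manifest(perm_names, services):
    """Build a constructed manifest (hypothetical helper, not a real APK)."""
    uses = "".join(f'<uses-permission android:name="{P}{n}"/>'
                   for n in perm_names)
    svcs = "".join(f'<service android:name=".{n}" android:permission="{P}{p}"/>'
                   for n, p in services)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            f' package="com.example.sample">{uses}'
            f'<application>{svcs}</application></manifest>')

ALL_PERMS = [p[len(P):] for p in sorted(REQUESTED)]
SUSPICIOUS = sample_manifest(ALL_PERMS, [
    ("A11y", "BIND_ACCESSIBILITY_SERVICE"), ("Calls", "BIND_SCREENING_SERVICE")])
BENIGN = sample_manifest(["READ_EXTERNAL_STORAGE"], [])

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(xml))
```

A match is only a reason to look closer: legitimate SMS or accessibility apps can request parts of this set, which is why the heuristic flags the full combination rather than any single permission.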
