The Drinik virus is back and now targeting Indian banks. As many as 18 banks are on the radar of the latest version of the Drinik virus. The Drinik virus has been in the news since 2016, and now it’s back. The malware targets Android users and steals sensitive bank details as well as personal data. The issue was reported by Cyble.
How Drinik affects Android users
The latest version of the Drinik virus targets users by sending an SMS that contains an APK file. The APK file is called iAssist. The iAssist app mimics the official tax management tool of the Indian Revenue Department. Once installed, the app asks for permission to read, receive and send SMS on the user’s phone. The app also asks for permission to read the call log of the user’s phone.
The Drinik malware then asks the user to enable the accessibility service. When the user activates the accessibility service, the app disables Google Play Protect and performs multiple functions without the user’s knowledge. Drinik can also record the screen, perform navigation gestures and capture keystrokes.
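The permission set described in the two paragraphs above can be checked during APK triage. The following is an added example, not code from Cyble or from the original article: it assumes the manifest has already been decoded to plain XML (for example with apktool), and the sample manifest, package name and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Permissions the article says the fake iAssist app requests.
SMS_PERMS = {f"android.permission.{p}" for p in ("READ_SMS", "RECEIVE_SMS", "SEND_SMS")}
CALL_LOG_PERM = "android.permission.READ_CALL_LOG"
# A service guarded by this permission is an accessibility service.
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (decoded XML), not taken from a real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Report which parts of the described permission pattern a manifest has."""
    root = ET.fromstring(xml_text)
    requested = {e.get(NAME) for e in root.iter("uses-permission")}
    a11y = [s.get(NAME) for s in root.iter("service")
            if s.get(PERMISSION) == A11Y_BIND]
    findings = {
        "sms_perms": sorted(SMS_PERMS & requested),
        "call_log": CALL_LOG_PERM in requested,
        "accessibility_services": a11y,
    }
    # Flag only the full combination: SMS read/receive/send, call log
    # access, and an accessibility service declared by the same app.
    findings["matches_described_pattern"] = (
        SMS_PERMS <= requested and findings["call_log"] and bool(a11y))
    return findings

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Each of these permissions is used by legitimate apps, so a match is a reason to review the app and its source, not a verdict.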
Once the app gets all its permissions, it opens the Indian Income Tax website through WebView. However, you will be shocked to know that the app opens the genuine Indian Income Tax website and not a phishing page. The application uses keyboard recording functionality along with screen recording to capture the user’s login credentials. As soon as the login is done, the user sees a box on the screen indicating that he/she is eligible for a refund. When the user clicks on the Apply button on the screen, he/she is redirected to a phishing page that looks like the original Income Tax Department website. There, users are asked to enter financial details, which include account number, credit/debit card number, CVV as well as PIN.