Around 18 Indian banks have been affected by a new Android malware, details of which were recently shared in a report by the Cyble Research and Intelligence Labs (CRIL). The report claims that an Android malware named Drinik is operating under the guise of the Income Tax Dept of India and targeting 18 banks in the country.

Drinik has been around for a few years, but it became active again in 2021. Its modus operandi can expose bank customers' confidential payment details, which can allow attackers to access their accounts and steal money. CRIL's report explains how the malware attacks a device.

How Drinik Malware Works On Android Phone

The malware reaches a device through a phishing attack carried out via an SMS sent to your number. The URL in the SMS carries the APK file for an app called iAssist, which mimics the Income Tax Dept app. When installed, the iAssist app asks for permissions such as receiving SMS, accessing call logs and even reading the phone's storage.

In addition to this, the app will ask for permission to use the accessibility service, which allows the app to disable the Play Protect feature, leaving your device vulnerable to malware and other security risks.
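A defender's triage check for the permission pattern described above, added here as an example that is not from the CRIL report or this article's source: it parses a decoded AndroidManifest.xml (for instance, one decoded with apktool) and flags an app that requests all three permissions and also declares an accessibility service. The mapping of the article's wording to Android permission constants, the function name, and the sample manifests and package names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
# Assumed mapping of the permissions named in the article to Android constants.
RISKY_PERMISSIONS = {
    "android.permission.RECEIVE_SMS": "receive SMS",
    "android.permission.READ_CALL_LOG": "access call logs",
    "android.permission.READ_EXTERNAL_STORAGE": "read storage",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifests (not taken from any real app).
SAMPLE_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.taxhelper">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".HelperService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.smsreader">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application/>
</manifest>"""


def triage_manifest(manifest_xml):
    """Report whether a decoded manifest matches the pattern in the article."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(A + "name") for el in root.iter("uses-permission")}
    hits = sorted(p for p in RISKY_PERMISSIONS if p in requested)
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y_services = sorted(
        svc.get(A + "name", "?")
        for svc in root.iter("service")
        if svc.get(A + "permission") == ACCESSIBILITY_BIND
    )
    return {
        "package": root.get("package"),
        "risky_permissions": hits,
        "accessibility_services": a11y_services,
        # Flag only the full combination: all three permissions plus accessibility.
        "matches_described_pattern": len(hits) == len(RISKY_PERMISSIONS) and bool(a11y_services),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        print(triage_manifest(sample))
```

A match is a reason to inspect the app further, not proof of malice, since legitimate apps can request each of these permissions individually.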

Once it bypasses the device screening, the app presents an authentication interface that requires your biometric login, and that is when the app steals the PIN and even captures keystrokes to get the correct login data.

After this, the malware shows you a web page that looks exactly like the IT Dept website. It asks you to fill in more details, like your Aadhaar number and PAN number, which are also sent to an external server. It even tricks you into thinking that the IT Dept has raised a return receipt for your filing, for which you have to click the URL link to apply for the IT return. Once again, you have clicked a malware-infected link and left your device open to further surveillance and data theft.

This malware is smart in the way it operates, and anyone with limited understanding of such attacks. So, as we always recommend, never open links shared by random numbers or e-mail IDs, never download apps from unknown sources, and avoid sideloading Android apps that come from external app stores.

