Data of SBI and 17 other bank customers is at risk. Details here | Techy Kings


An upgraded version of the Drinik malware has been discovered that puts the data of customers of 18 banks at risk. According to analysts at Cyble (via BleepingComputer), the malware has evolved into an Android trojan that can steal important personal details and banking credentials. For those unaware, Drinik has been affecting the banking industry since 2016. It then operated as an SMS stealer, but has now added banking trojan features. In its new form, it is capable of screen recording, keylogging, abusing Accessibility Services and performing overlay attacks.

How does Drinik Android trojan target customers?

According to reports, the latest version of the Drinik malware comes in the form of an APK named iAssist. iAssist is the official tax management tool of India's tax department. Once installed on the device, the APK asks for permission to read, receive and send SMS, in addition to reading the user's call logs. It also asks for permission to read and write to external storage.

Just like other banking trojans, Drinik relies on Accessibility Services. After launching, the malware prompts the victim for permission, followed by a request to enable Accessibility Services. It then disables Google Play Protect and starts performing auto-gestures and capturing keystrokes.

Next, instead of displaying a fake phishing page, it loads the genuine Indian income tax site. Before showing the login page to the victim, the malware displays a confirmation screen for biometric authentication. When the victim enters the PIN, the malware steals the biometric PIN by recording the screen using MediaProjection, and it also captures keystrokes. The stolen details are then sent to the C&C server.

What is worrying is that in the latest version of Drinik, the threat actor (TA) only targets victims who have a valid income tax site account. Once the victim successfully logs into the account, the malware shows a fake dialog box on the screen with the message below:

Our database shows that you are eligible for an immediate tax refund of 57,100 – from your previous tax miscalculation to date. Click Apply to apply for an instant refund and receive your refund in your registered bank account within minutes.

At this point, when the user clicks the Apply button, they are redirected to the phishing website. The site prompts victims to submit personal details such as full name, Aadhaar number, PAN number and other details, along with financial information, which includes account number, credit card number, CVV and PIN. The stolen data is sent back to the C&C server.

Drinik targets banks

To target banks, the Drinik trojan uses Accessibility Services to monitor events related to the targeted banking apps. Drinik also abuses the "CallScreeningService" to block incoming calls that could interrupt the login and the data theft. According to reports, the malware targeted customers of 18 banks, SBI being one of them.
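A defender-side triage check for the permission and service combination described in this article, as an added example that is not from Cyble or the original page. It assumes the APK's AndroidManifest.xml has already been decoded to text (for example with apktool); the function names, trait labels and sample manifest builder are constructed here, and the mediaProjection foreground-service check is an extra signal based on how Android 10+ apps declare screen capture, not something the article states.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
SMS_CALLLOG = {"READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CALL_LOG"}
STORAGE = {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"}
# Bind permissions that mark a <service> as one of the platform hooks named above.
SERVICE_BINDS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_SCREENING_SERVICE": "call screening service",
}
PROFILE = {"sms and call log access", "external storage read/write",
           "accessibility service", "call screening service"}

def triage_manifest(xml_text):
    """Return the set of traits found in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {p.get(NS + "name", "").rsplit(".", 1)[-1]
             for p in root.iter("uses-permission")}
    found = set()
    if SMS_CALLLOG <= perms:
        found.add("sms and call log access")
    if STORAGE <= perms:
        found.add("external storage read/write")
    for svc in root.iter("service"):
        label = SERVICE_BINDS.get(svc.get(NS + "permission", ""))
        if label:
            found.add(label)
        # Android 10+ screen-capture services declare this type (extra signal).
        if "mediaProjection" in svc.get(NS + "foregroundServiceType", ""):
            found.add("screen capture service")
    return found

def matches_profile(xml_text):
    """True only when every trait in PROFILE appears in the same manifest."""
    return PROFILE <= triage_manifest(xml_text)

def build_manifest(perms, services):
    """Constructed sample input; services are (bind_permission, fg_type) pairs."""
    uses = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    svcs = "".join(
        f'<service android:name=".S{i}" android:permission="{b}" '
        f'android:foregroundServiceType="{t}"/>'
        for i, (b, t) in enumerate(services))
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.constructed">{uses}'
            f'<application>{svcs}</application></manifest>')
```

Any single trait is common in legitimate apps (SMS clients, screen readers, call blockers); the check is useful because it only flags a manifest when all of them appear together.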
