Data of SBI & 17 Other Bank Customers at Risk

An upgraded version of the Drinik malware has been found that puts the data of customers of 18 banks at risk.

A new version of the Drinik malware has been discovered, putting the data of customers of 18 banks at risk. According to Cyble analysts (via BleepingComputer), the malware has evolved into an Android trojan capable of stealing sensitive personal information and banking credentials.

Drinik is a banking malware that has been plaguing the industry since 2016. It used to be an SMS stealer, but it now has banking trojan features – capable of screen recording, keylogging, abusing Accessibility services, and performing overlay attacks in its new form. According to the report, the most recent version of Drinik malware is in the form of an APK called iAssist.

iAssist is the India Tax Department's official tax management tool, which the malicious APK impersonates. When installed on a device, the APK file will request permission to read, receive, and send SMS messages, as well as read the user's call log. It also requests read and write access to external storage.

Drinik, like other banking trojans, makes use of Accessibility Service. After launching, the malware requests permissions from the victim, followed by a request to enable Accessibility Service. It then disables Google Play Protect and begins performing auto-gestures and key presses.

Instead of displaying fake phishing pages, it then loads the genuine Indian income tax website. The malware will display an authentication screen for biometric verification before showing the victim the login page. When the victim enters a PIN, the malware records the screen using MediaProjection and captures keystrokes to steal the biometric PIN. The stolen information is then sent to the C&C server.

Concerningly, in the most recent version of Drinik, the threat actor (TA) only targets victims with legitimate income tax site accounts. When the victim successfully logs into the account, a fake dialogue box appears on the screen with the following message: "Our database indicates that you are eligible for an instant tax refund of ₹57,100 – from your previous tax miscalculations till date. Click Apply to apply for instant refund and receive your refund in your registered bank account in minutes."

When the user clicks the Apply button, they are redirected to a phishing website. The malware then requests personal information such as full name, Aadhaar number, PAN number, and other details, as well as financial information such as account number and credit card number.

To target banks, Drinik monitors Accessibility Service events related to the targeted banking apps. Drinik takes advantage of the "CallScreeningService" to disable incoming calls in order to disrupt the login and steal data. According to the report, the malware targets customers of 18 banks, including SBI.
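For defenders triaging a sideloaded APK, the following added example (not from the Cyble report or this post) checks a decoded AndroidManifest.xml, such as one produced by apktool, for the combination described above: the SMS, call-log and storage permissions together with an accessibility service, a call-screening service and a MediaProjection foreground service. The flagging rule, the function name and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Permissions the article reports the fake iAssist APK requesting.
REPORTED = {"android.permission." + p for p in (
    "READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CALL_LOG",
    "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE")}
# Bind permissions that identify the system hooks the article describes.
HOOKS = {"android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility",
         "android.permission.BIND_SCREENING_SERVICE": "call-screening"}

def triage_manifest(manifest_xml):
    """Return (flagged, findings) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    asked = {e.get(NS + "name") for e in root.iter("uses-permission")}
    findings = sorted(asked & REPORTED)
    hooks = set()
    for svc in root.iter("service"):
        name = svc.get(NS + "name")
        kind = HOOKS.get(svc.get(NS + "permission"))
        if kind:
            hooks.add(kind)
            findings.append(f"{kind} service: {name}")
        # Android 10+ requires this foreground service type for MediaProjection.
        if "mediaProjection" in (svc.get(NS + "foregroundServiceType") or ""):
            hooks.add("screen-capture")
            findings.append(f"screen-capture service: {name}")
    # Assumed heuristic: each item alone is common in benign apps; flag only
    # SMS access combined with an accessibility service and one more hook.
    sms = bool(asked & {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"})
    flagged = sms and "accessibility" in hooks and len(hooks) >= 2
    return flagged, findings

# Constructed sample manifests (not taken from any real APK).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
SAMPLE_TROJAN = HEAD + """
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Calls" android:permission="android.permission.BIND_SCREENING_SERVICE"/>
    <service android:name=".Rec" android:foregroundServiceType="mediaProjection"/>
  </application></manifest>"""
SAMPLE_SMS_APP = HEAD + """
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application><service android:name=".Sync"/></application></manifest>"""
if __name__ == "__main__":
    for label, xml in (("trojan-like", SAMPLE_TROJAN), ("sms app", SAMPLE_SMS_APP)):
        print(label, *triage_manifest(xml), sep="\n  ")
```

A flag here is a prompt for manual review, not a verdict, since legitimate apps can hold any one of these capabilities.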