Malware Alert! This Android virus is targeting data of 18 Indian banks

Drinik virus has returned and now targeting the Indian banks. As many 18 banks are in the radar of the latest version of Drinik virus. The Drinik virus had been in the news since 2016 and now it is back to haunt. The malware targets the Android users and steals sensitive banking details as well as personal details. The issue has been reported by Cyble.

How does Drinik affect Android users

The latest version of Drinik virus targets users by sending an SMS that contains an APK file. The APK file is named iAssist. The iAssist app impersonates official tax management tool of the India Tax department. After getting installed the APK file asks for permission to read, receive and send SMS from the phone of the user. Additionally, the app asks the permission to read call log of the phone of the users.

Then, the Drinik malware requests the user to enable Accessibility Service. As the user enables the Accessibility Service it disables Google Play Protect the app performs multiple functions without the knowledge of the user. Drinik can also record screen, perform navigation gesture, and capture key presses.

After the App gets all its permissions, it opens the Indian Income Tax website through WebView. However, you will be shocked to know that the App opens the original Indian Income Tax website rather than a phishing page. The App uses keylogging functionality along with screen recording to use the login credentials of the user. As soon as the login happens, the user receives a box on the screen which shows that the he/ she is eligible for a refund. As the user clicks the Apply button on the screen, he/ she is directed to the phishing page that resembles original Income Tax Department website. Users are now asked to enter financial details which include account number, credit card/ debit card number, CVV as well as PIN.