Tax Payers: Income tax payers are the target.. SBI warning.

A new Android virus has been detected, users of these banks should be careful, otherwise money will sink

New Delhi. A new version of the Drinkic Android Trojan is reportedly capable of stealing people’s important bank details. Drinkic is an old malware that has been in the news since 2016. The Indian government had previously issued a warning to Android users about this malware, which steals users’ personal information in the name of income tax refunds. Now another version of the same malware has been spotted by Sybil with advanced capabilities. It is specifically targeting customers in India and customers of 18 specific Indian banks. Currently, among these banks, we are clearly targeting SBI customers.

A new Drinic Android banking trojan has been discovered
Drinik is an advanced version of malware that targets users by sending SMS with an APK file. It includes an app called iAssist, which is India’s official tax management tool for income tax. After users install the app on their Android phones, it asks them for permission for certain tasks. These include receiving, reading and sending SMS, reading call logs and reading and writing to external storage.

The app requests permission to use the Accessibility service with the intention of disabling Google Play protection. Once the user gives permission, the app gets the chance to do something without the users being informed about it. The app can capture navigation gestures, record screen and key presses.

When the app gets access to all the permissions and functions you want, it will open the real Indian Income Tax website through WebView instead of loading a pre-made phishing page. Although the site is genuine, the app uses screen recording with keylogging functionality for users’ login credentials.

The app also has the ability to check whether the login was successful to ensure the stolen data is accurate. After logging in, a fake dialog box opens on the screen which prompts the user to pay Rs. 57,100 which the tax agency deemed eligible for refund, it said. Then the victim gets the “Apply” button to get the cashback. It redirects the user to a phishing page that looks like a genuine income tax department website. Here people are asked to enter their financial details like account number, credit card number, CVV and card pin etc.

Cyble revealed that the app also contains code to abuse the call screening service, whose original use is that it can reject incoming calls without users knowing. It was also found that the APK file contains encrypted strings to avoid detection by antivirus products and the malware decrypts them at run time using custom decryption logic. Avoid downloading any app through third party website or SMS. People should search for apps on Google Play Store or Apple App Store.

Avoid giving SMS and call log permissions to unknown app. Of course not all apps are allowed to perform basic functions. In such a situation, users should be careful. If you are getting any important link, SMS or email related to banking, you should check it again by visiting the official website. Avoid checking it with any third party sources. A new version of Drinkic is based on the Accessibility Service. So users should make sure that they are not allowing access to it on their Android phones.