This latest Android virus is targeting 18 Indian banks and could steal credit card CVVs, PINs and other key information
What is Drinik?
Drinik has been in the news for some time. Like other malware families that have been around for years, Drinik has returned in a new and more dangerous form. Drinik is an old Trojan that steals your credit card details by luring you with the promise of an income tax refund. In 2016, after this lure had fooled many people and could not be stopped, the Indian government issued an advisory to ignore any message claiming to give you money for your tax bill. The Trojan has since been upgraded with sophisticated capabilities that make it look genuine, and anyone can be taken in by the simple claims it makes.
How does it work?
Drinik relies on the Android Accessibility Service. When you install the app on your smartphone, it asks for access to your messages, media, contacts, storage, camera, and so on, and uses that access to harvest sensitive financial information from your phone.
Here is how Drinik compromises your smartphone, step by step.
- An SMS carrying an APK file that contains the Drinik malware is sent to the victim.
- The APK is disguised as the iAssist app, a fake clone of the official tool from the Income Tax Department.
- Once installed, the app requests access to your call logs, SMS, and external storage.
- Alert: it also requests permission for the Accessibility Service, which it uses to disable Google Play Protect.
- Once that is granted, the app can record screen activity, gestures, and key presses.
- It then tries to open the real income tax website in a WebView.
- If this succeeds, a prompt appears asking you to enter your biometric code.
- Screen recording (via MediaProjection) is started, capturing the phone's login PIN as well as the tax-portal credentials (User ID, Aadhaar, password).
- It also blocks incoming calls for a short time so that they do not interrupt the attackers' process.
- Once you have completed the login, a scam message is displayed: "You can claim a refund of Rs 80,000 because of previous miscalculations made by the department. Click here to receive an immediate refund to your registered bank account", followed by an "Apply" button.
- After you click Apply, you are redirected to a fake website that looks like the authentic income tax site.
- You are asked to enter your personal information, including your bank account number, credit card number, CVV, and PIN, to receive the refund.
- Once the data is entered, funds are debited from your bank account and credit card.
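As an added example (not from the article or from Cyble), here is a small triage helper for analysts that checks a device inventory for the combination the chain above relies on: an app that was sideloaded, is enabled as an Accessibility Service, and requests SMS or call-log permissions. The `adb shell` output formats it parses are real; the package names, installer values and permission lists are constructed sample data.

```python
"""Flag accessibility-enabled apps that look like Drinik: sideloaded plus SMS/call-log access.
Parses constructed samples in the format of `adb shell pm list packages -i`,
`adb shell settings get secure enabled_accessibility_services` and `dumpsys package`."""
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play
RISKY_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
               "android.permission.READ_CALL_LOG", "android.permission.READ_EXTERNAL_STORAGE"}

# Constructed sample of `pm list packages -i` (installer per package; 'null' = preloaded).
PM_LIST = """\
package:com.android.vending  installer=null
package:com.example.bank  installer=com.android.vending
package:com.iassist.fake  installer=com.android.packageinstaller
package:com.example.notes  installer=com.android.vending
"""
# Constructed sample of the enabled_accessibility_services secure setting (pkg/class, ':'-separated).
A11Y_SETTING = "com.iassist.fake/com.iassist.fake.A11yService:com.example.notes/.ReaderService"
# Constructed sample: requested permissions per package, as listed by `dumpsys package <pkg>`.
REQUESTED = {
    "com.iassist.fake": ["android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                         "android.permission.READ_CALL_LOG", "android.permission.INTERNET"],
    "com.example.notes": ["android.permission.INTERNET"],
    "com.example.bank": ["android.permission.INTERNET", "android.permission.RECEIVE_SMS"],
}

def parse_installers(text):
    """Map package name -> installer package name."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)$", text, re.M))

def parse_a11y(setting):
    """Package names currently enabled as accessibility services (part before the '/')."""
    return {comp.split("/")[0] for comp in setting.split(":") if comp}

def triage(installers, a11y_pkgs, requested):
    """Return {package: [reasons]} for accessibility-enabled apps with Drinik-like traits."""
    findings = {}
    for pkg in sorted(a11y_pkgs):
        reasons = []
        if installers.get(pkg) not in TRUSTED_INSTALLERS:  # not installed from Play
            reasons.append("sideloaded via %s" % installers.get(pkg, "unknown"))
        risky = sorted(set(requested.get(pkg, ())) & RISKY_PERMS)
        if risky:  # accessibility + SMS/call-log access is the dangerous pairing
            reasons.append("accessibility + " + ", ".join(p.rsplit(".", 1)[1] for p in risky))
        if reasons:
            findings[pkg] = reasons
    return findings

if __name__ == "__main__":
    for pkg, why in triage(parse_installers(PM_LIST), parse_a11y(A11Y_SETTING), REQUESTED).items():
        print(pkg, "->", "; ".join(why))
```

A Play-installed banking app that receives SMS but is not an accessibility service (com.example.bank in the sample) is deliberately not flagged, so the check keys on the combination rather than on any single permission.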
What does this mean?
- Drinik started in 2016 as an SMS-based scam, but it has developed into a full-fledged impersonation of the country's official tax website.
- It can steal vital personally identifiable information and sensitive banking details, and even take your hard-earned money for good.
- Drinik targets genuine income tax profiles.
- The stolen information is stored on the C&C server, where it can be accessed at any time, building up a database of financial data.
- Your privacy is at risk because your personal information is kept in that database; the problem does not end with blocking the credit card.
Who are the victims?
The principal target is SBI, the State Bank of India, with nearly 45 million customers. Beyond SBI, customers of other major banks such as Indian Bank, Punjab National Bank, Canara Bank, and others are also targeted. Drinik's target population is huge, with an estimated 400,000 registered Indian taxpayers. It is an extremely dangerous and difficult adversary.
How can we safeguard ourselves from the Trojan?
- Do not install applications on your mobile device from untrusted sources. Only download through Google Play.
- Use biometric authentication for your applications and the lock screen.
- Use Google Play Protect to identify suspicious activity from the apps installed on your phone.
- Before installing any application, read the permissions you are granting it carefully. Do not grant permissions that look excessive or risky.
- Only click on bank links that you receive through the bank's official site or its own messaging service.
- Share your bank and credit card details only when you initiate a payment yourself. They are never needed in order to receive money.
Cyble, the cyber security firm that researches and helps combat dark-web activity, has said that Drinik's creators have made it more advanced so that it can commit fraud against financial institutions quickly. The general public should therefore be cautious when installing and using any software that claims to come from a government agency. If you spot anything suspicious, notify your bank immediately to protect yourself from major damage.