The new android virus, which is a Drinik Android trojan, has reportedly been discovered capable of stealing some of your sensitive financial information. Drinik is an old malware that has been making headlines since 2016. The Indian government previously warned Android users that this malware was stealing sensitive information from them to generate income tax refunds.
Also Read: Sony LinkBuds S Comes As Part Of ‘Road To Zero’
Cyble has identified a new version of the same malware with advanced capabilities targeting users in India and those using 18 specific Indian banks.
A new version of the Drinik malware is in the wind, which targets users by sending an SMS containing an APK file. It includes an app called iAssist, which impersonates the official tax management tool of India’s Income Tax Department.
When users install the app on their Android phones, it asks permission to perform certain functions. These capabilities include receiving, reading, and sending SMS and reading and writing to external storage.
New Android Virus Can Steal Your Data: Here’s What To Do
Following that, the app requests permission to use the Accessibility Service to disable Google Play Protect. When a user grants the license, the app gains the ability to perform certain functions without informing the user. The app can perform navigation gestures, record screen activity, and capture key presses.
Also Read: Motorola Moto X40 Specifications Tipped, Read Here
When the app has all of the permissions and access to the functions it requires, it uses WebView to open a genuine Indian income tax website rather than a phishing page, as was previously done. While the site is simple, the app records screen activity and keylogging functionality to access users’ login credentials.
The app can also check if the login successfully ensures that the data it is stealing is correct. But the story is far from over. After logging in, a fake dialogue box appears on the screen, claiming that the tax agency has determined that the user is eligible for an Rs. 57,100 refund due to previous miscalculations.
The app also has a code for abusing the Call Screening Service. This means it can block incoming calls without the user’s knowledge. Furthermore, according to many sources, strings in the APK file “are encrypted to evade detection by antivirus products, and the malware decrypts them during run time using a custom decryption logic.”
Varushi Yadav
I'm a 4th-year law student at the University of Petroleum and Energy Studies, along with that I'm a creative content writer. So far I have written law-related articles, I like to explore more and I'm always ready to learn more.