This new Android virus targets 18 Indian banks and can steal credit card CVV, PIN, and key details
What is Drinik?
Drinik has been in the news since 2016. Like any other virus, it has a new terrifying face now. Drinik is an old malware that steals your card information by luring you for an income tax refund. Back in 2016, when many fell into the trap of this Trojan, the Indian Government issued an advisory to avoid any messages claiming to give you an income tax refund. Now the Trojan is replete with advanced capabilities so that it looks so genuine. Any individual gets carried away by the unpretentious claims it makes.
How does it steal credit card information?
Firstly, Drinik lives on Accessibility Service. When installing any application on your phone, you would be given access to your messaging, contacts, media, storage, camera, etc. Drinik steals sensitive financial information by gaining access to your smartphone.
How Drinik hacks your phone is explained step by step.
- An SMS with an APK file containing Drinik malware is sent
- APK is an iAssist App which is a fraudulent clone of the official tool of the Income Tax Department.
- On installing this app, it requests access to your SMS, Call logs, and usage of external storage.
- Warning: Requests permission to Accessibility Service to incapacitate Google Play Protect.
- After this is done, the app can record hand gestures, screen, and key presses.
- Tries to open a genuine income tax website from WebView.
- If the attempt succeeded, the prompt displays to enter the biometric pin.
- Screen recording (Media Projection) is initiated where the phone login pin, and income tax login credentials (User ID, Aadhar, Password) are captured.
- It also bars the incoming call service temporarily which interrupts the hacking process.
- Once the login is done, a spam message is displayed. “You are eligible for a refund of Rs 80,000 due to previous miscalculations by the department. Click to get an instant refund in your registered bank account” with an “Apply” button.
- Once you click on apply, you are redirected to a phishing site that looks like a genuine income tax website.
- You are asked to enter your sensitive details like bank account number, card number, CVV, and PIN to get the refund amount.
- When the details are entered, the amount is withdrawn from your card and bank account.
What can it do?
- Drinik in 2016 was originally an SMS hack but now it has developed into a full-fledged camouflage of the official income tax website of the country.
- It can steal important Personal Identifiable Information and sensitive banking information and steal your hard-earned money forever.
- Drinik targets are only genuine income tax profiles.
- The pilfered information is stored in the C&C server to be used whenever it wants. It creates a database of financial information.
- Your privacy is compromised as the personally identifiable information is stored in the database. It does not end just by blocking your credit card.
Who are all the targets?
The primary target is the State Bank of India with almost 45 crore customers. Not only SBI but also all the customers of major banks like Indian Bank, Punjab National Bank, Canara Bank, etc. The target population of Drinik is large with registered Indian taxpayers. It proves to be a difficult and dangerous enemy.
How to protect ourselves from this Trojan?
- Avoid installing applications on your mobile from untrusted sources. Download only from Google Play.
- Use biometric authentication for applications and lock screen.
- Use Google Play Protect services to detect any malicious activity from the applications installed on your phone.
- While installing any application, read the permissions that you give for the app carefully. Do not give any permission that seems susceptible.
- Click on the banking links that you receive from the official website or messaging service of the bank.
- Your banking and credit card details must be shared only in case payment is initiated from your end. You are not required to share them when you receive money.
Cyble, a cyber security agency that researches and helps against dark networks has opined that the developers of Drinik have taken it to the advanced level to perform financial crimes easily. Hence the general public is advised to be very careful in installing and using any application claiming to be from any of the government agencies. If you find anything suspicious, you can immediately report to your banker about the activity and safeguard yourself from substantial damages.