Date: 2022-10-30

There is plenty of malware out there ready to break into someone's phone and steal sensitive details such as bank account numbers and OTPs. One such malware is Drinik, which has returned to haunt Indian banks and their customers. Cyber analysts have discovered an upgraded version of the Drinik malware that has put the data of customers of 18 banks at risk. Drinik is targeting banks through the Accessibility Service of the banking apps. Once it gains access to the app, it disables incoming calls to interrupt the login and steal data. According to reports, the malware is targeting 18 banks, including SBI.

The malware, which has been in existence since 2016, now comes disguised as an Income Tax app. It is available as an APK named iAssist that claims to be the official tax management app of the Income Tax department. Once a user mistakenly installs the app, it seeks permissions to read, receive and send SMS, and to access the user's call log. It also requests read and write access to external storage. Once the victim grants all permissions, the malware disables the Google Play Protect feature and takes control of the smartphone.

It then opens the genuine Indian income tax site and pushes for biometric verification. When the user enters a PIN, the malware steals it by screen recording using MediaProjection and sends the details to hackers. Since the latest version of Drinik only targets victims with legitimate income tax site accounts, it indicates that the hackers have access to critical data.

Once the victim is logged in, the app displays a message saying the user is eligible for a tax refund of Rs 57,100 from all previous tax miscalculations and asks them to click on Apply to receive the refund in a registered bank account. If the user clicks the Apply option, the malware redirects to a phishing website and prompts the victim to submit details such as name, Aadhaar, PAN, account number, credit card number, CVV and PIN, among other details.

This way, the victims end up losing their savings and critical data under the guise of a fake tax refund. Users are advised to install apps only from the Play Store, and only after checking the publisher's name. One should also have an active anti-virus installed on the smartphone. If you think an app is asking for permissions it does not need, uninstall it immediately.
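The permission check advised above can be automated for a sideloaded APK before it is installed. The following is an added example, not code from the original report or from any vendor: it reads a decoded `AndroidManifest.xml` (for instance, as produced by apktool) and flags the permission combination the article attributes to the fake iAssist app. The sample manifest, the package name `com.example.taxhelper` and the three-finding threshold are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Permission groups the article says the fake iAssist app asks for.
GROUPS = {
    "SMS read/receive/send": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "call log access": {"READ_CALL_LOG"},
    "external storage read/write": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
}

# Constructed sample manifest in decoded text form; the package name is hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.taxhelper">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def triage_manifest(xml_text, threshold=3):
    """Return the package name, matched findings and a heuristic verdict."""
    root = ET.fromstring(xml_text)
    # Keep only the short name, e.g. "READ_SMS" from "android.permission.READ_SMS".
    requested = {el.get(ANDROID + "name", "").rsplit(".", 1)[-1]
                 for el in root.iter("uses-permission")}
    findings = [label for label, perms in GROUPS.items() if perms <= requested]
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    if any(s.get(ANDROID + "permission") == A11Y_BIND for s in root.iter("service")):
        findings.append("declares an Accessibility Service")
    # Assumed heuristic: three or more matched groups together warrant review.
    return {"package": root.get("package"), "findings": findings,
            "suspicious": len(findings) >= threshold}


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A match is a reason to inspect the app further, not proof of malice: legitimate SMS or accessibility apps request some of these permissions individually.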

It may be recalled that last month, the Indian Computer Emergency Response Team (CERT-In) issued a safety advisory against another trojan named SOVA which was affecting smartphones.