Saturday, November 26, 2022
HomeBusinessDo you have an account in SBI? Be careful, Drinik Android...

Do you have an account in SBI? Be careful, Drinik Android malware is back

New Delhi. Bank customers’ data is at risk. Now you must be wondering how this can happen. But it is correct. The data of SBI and 17 other bank customers is at risk. Actually, according to some analysts, Drinik Android malware has been developed as an Android Trojan. It can steal users’ personal information and banking credentials. This isn’t the first time Drinik Android has set foot in 2016. Then this malware attacked the banking industry. It used to work as an SMS theft then. But now there is much more in it which is quite dangerous for the users. Now screen recording, keylogging, accessibility services are misused through this.

According to a report, the latest version of Drinik Android has arrived in the form of iAssist. This is an apk file. If it is installed on your device, then the APK file reads the call log of the users and also asks permission to send it. Like other banking Trojans, Drinik relies on the Android Accessibility Service. Once the device has all the necessary access, it disables Google Play Protect and executes auto-gestures and captures key presses.

How does it work:
After doing all this, it loads the original Income Tax website and then before showing the login page, the malware shows the verification screen for biometric verification. Here the user has to enter his PIN. This malware then records the screen using mediaprojection and then steals the biometric PIN. Not only that, it also captures keystrokes. Whatever data is stolen is sent to the C&C server. This TA targets only those people who actually have an income tax site account. As soon as the victim logs into the account, it shows a fake dialog box. It is written in it-

Our database indicates that you are eligible for an instant tax refund of ₹57,100 – from your previous tax miscalculations till date. Click Apply to apply for instant refund and receive your refund in your registered bank account in minutes.

The user is redirected to the phishing website only when he clicks on the Apply button. This malware asks users to provide personal information such as full name, Aadhaar number, PAN number and financial details. This includes account number, credit card number, CVV and PIN.

How to avoid:
If you want to avoid this kind of phishing website, then do not accidentally go to any wrong website or click on any random link. It can be very dangerous. Do not click on any link until you have completely verified it. Along with this, never go to any website without any means and do not fall in any greed.

- Advertisement -

- Advertisment -

- Advertisment -spot_imgspot_imgspot_img


Two Wheeler


Digit News