A new variant of Drinik Android banking virus may steal your crucial bank credentials by employing screen recording and keylogging.
According to reports, a new variant of the Drinik Android virus has been found, and it may steal some of your crucial financial information. The Drinik virus has been in the spotlight since 2016. Prior to this, the Indian government issued a warning to Android users about this spyware, which steals personal information under the guise of producing income tax returns.
Cyble has discovered a new, more sophisticated variant of the same virus that is aimed squarely at users in India and customers of 18 different banks there. At the moment, only SBI customers are considered potential targets because of the association between Drinik and that bank.
Detection of new Drinik Android banking trojan
Upgraded Drinik virus sends an SMS containing an APK file to victims. iAssist imitates India's Income Tax Department's tax administration application. Once installed, the app requires permissions for various operations. Receive, read, and send SMS, read call log, and read and write to external storage.
The programme then seeks access to the Accessibility Service to deactivate Google Play Protect. Once a user authorises permission, the app may execute some operations without notifying them. The programme may record screen and key presses.
When the software receives the rights and features it wants, it accesses a legitimate Indian income tax website using WebView, rather than a phishing page. The site is legitimate, but the programme records users' screens and logs their passwords.
Drinik and other Android viruses: How to avoid