A new version of the Drinik malware has been discovered, putting the data of 18 bank customers at risk. According to Cyble analysts (via Bleeping Computers), the malware has evolved into an Android trojan capable of stealing sensitive personal information and banking credentials.
Drinik is a banking malware that has been plaguing the industry since 2016. It used to be an SMS stealer, but it now has banking trojan features – capable of screen recording, keylogging, abusing Accessibility services, and performing overlay attacks in its new form. According to the report, the most recent version of Drinik malware is in the form of an APK called iAssist.
The India Tax Department’s official tax management tool is iAssist. When installed on a device, the APK file will request permission to read, receive, and send SMS messages, as well as read the user’s call log. It also requests read and write access to external storage.
Drinik, like other banking trojans, makes use of Accessibility Service. After launching, the malware requests permissions from the victim, followed by a request to enable Accessibility Service. It then disables Google Play Protect and begins performing auto-gestures and key presses.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: