Drinik malware returns to target Indian taxpayers

For the past few years, particularly during the Covid-induced lockdown and post-pandemic period, more and more people are relying on online platforms to get services done.

. However, there is also a steady increase in cyber thefts, as criminals are able to easily dupe naive users to reveal their financial details and steal their hard-earned money.

. The prime modus operandi among cyber crooks is to pose as an Income Tax official or banking executive and send random messages or emails with a warning that if they don't perform KYC (Know Your Customer), their bank accounts will be blocked. And some, they lure victims that they have to refile IT returns to get a cash refund. In the garb getting money, they reveal everything via email and they pay heavily.

. Now, cybercriminals are back with vengeance. They are apparently using Drinik malware with advanced capabilities and using the Income Tax Department of India and targeting 18 Indian banks, reported Cyble Research & Intelligence Labs (CRIL).

. The malware Drinik was first noticed in September 2021, but now the bad actors have added more capabilities to protect themselves from detection and also come with more capabilities.

. They have released a fake iAssist APK file online that looks like an Income Tax tool with all the genuine logo and user interface.

. Once installed, the Drinik malware-laced app quickly disables the Google Play Protect that monitors suspicious behaviour on Android phones. Later, it gains access privileges and will be able to record on-screen activities, read, send and receive SMS, read call details, contact lists, internal storage content, and even external storage (files in microSD card).

. It later takes you to the genuine Income Tax website and log in. Then, the malware notes all the keystrokes and checks if the login process was successful. It records the username and password and even tries to verify if the PAN (Permanent Account Number) and even the Aadhaar number are right.

. In the meantime, it flashes a fake message on the screen. It reads-- "Our database indicates that you are eligible for an instant tax refund of Rs.57,100.\– from your previous tax miscalculations till date. Click Apply to apply for an instant refund and receive your refund in your registered bank account in minutes." The URL hyperlinked to-- Apply-- takes to you you to a compromised website.

. With such big cash rewards, most people fall prey to such tricks and click on malicious URL links. It opens a fake Income Tax portal with an online form asking users to fill it with sensitive data such as Aadhar number, and PAN number, in addition to financial details such as Account number, Credit card number, CVV, and PIN.

. With all the personal data accumulated, it can try to log in victim's bank app and try to steal the money. As of now, there are no mass reports of people losing money from bank accounts. The malware is still evolving and more capabilities are being added to avoid detection by cyber security agencies.

. As noted by Cyble researchers, 18 banks including the State Bank of India are under the radar of cybercriminals.

. It is advised that Android phone owners must download apps only from Google Play Stoe and completely avoid side-loading apps or APKs from third-party app stores or websites.

. And, never share OTP or any personal details on SMS or emails, or even on calls. Also, Cyble experts advise users to enable biometric authentication, such as 2FA (Two-Factor-Authentication), for logging in to e-banking portals.

. Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech .

Drinik malware returns to target Indian taxpayers

Follow us on :

Follow Us