The Drinik malware has returned and is now attacking income tax payers. Know how to keep your data safe.
Here’s an important warning to all taxpayers. A malware called Drinik has returned. Recently, Cyble Research & Intelligence Labs (CRIL) identified an enhanced version of Drinik masquerading as the Income-Tax Department of India and targeting 18 banks, including the State Bank of India (SBI), according to a Cyble blog. The Drinik malware has been known to target the banking sector since 2016. Previously, the malware worked as an SMS stealer, but it has now evolved into an Android Trojan. After this evolution, the malware can take screenshots to collect credentials, log keystrokes, abuse the call screening service to manage incoming calls, and receive commands via Firebase Cloud Messaging.
According to Cyble’s information, the malware variant communicates with the Command & Control (C&C) server hxxp://gia[.]3utilities.com, which is hosted on IP 198[.]12.107[.]13. The third and latest version loads the real site of the IRS and uses screen recording along with keylogging functionality to steal the credentials. This latest version of the Drinik malware comes in the form of an APK called iAssist.
iAssist is known to be the official tax management tool of the Indian tax authorities. Once installed on a device, the APK file asks for permission to read, receive and send text messages, in addition to reading the user’s call log. It also asks for permission to read and write to external storage. Initially, it will direct you to the official Indian income tax site and display a fake dialog to steal users’ account details. The malware then tries to trap the user by showing an instant tax refund and eventually takes them to the phishing site.
However, the malware and the techniques used to fool people have developed at a rapid pace, so it is very important for users to take precautions. Here are some tips you can use to stay safe:
Tips to protect your data from malware
Do not click on a link that you think is questionable or fake.
Always remember to only download and install software from official app stores such as Play Store or the iOS App Store. Also check the authenticity of the software before downloading it.
You should never share your personal information or bank details, such as card details, CVV number or PIN code, with anyone.
Keep strict security features on your phone, such as fingerprint lock or facial recognition. Also use strong passwords and enforce multi-factor authentication where possible.
Do not allow multiple apps to access data on your device.
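As an added example (not from Cyble or the original article): a Python check that reads the text of `adb shell dumpsys package <name>` and flags an app that combines the permissions described above with an install source other than the Play Store. The Android permission names, the sample dumps and the two-signal threshold are assumptions of this example.

```python
import re

# Android names for the permissions the article lists (mapping added here).
LISTED = {"READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CALL_LOG",
          "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"}
SMS = {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"}
PLAY_STORE = "com.android.vending"
PERM_RE = re.compile(r"android\.permission\.([A-Z_]+)")
INSTALLER_RE = re.compile(r"installerPackageName=(\S+)")

# Constructed samples shaped like `adb shell dumpsys package <name>` output.
SIDELOADED = """Package [com.example.taxhelper]
  installerPackageName=null
  requested permissions:
    android.permission.READ_SMS
    android.permission.RECEIVE_SMS
    android.permission.SEND_SMS
    android.permission.READ_CALL_LOG
    android.permission.READ_EXTERNAL_STORAGE
    android.permission.WRITE_EXTERNAL_STORAGE
"""
FROM_STORE = """Package [com.example.notes]
  installerPackageName=com.android.vending
  requested permissions:
    android.permission.INTERNET
    android.permission.READ_EXTERNAL_STORAGE
"""


def audit(dump_text):
    """Flag a package whose permissions and install source match the article."""
    requested = set(PERM_RE.findall(dump_text))
    found = INSTALLER_RE.search(dump_text)
    installer = found.group(1) if found else None
    findings = []
    if SMS <= requested and "READ_CALL_LOG" in requested:
        findings.append("full SMS access plus call log")
    if LISTED <= requested:
        findings.append("requests every permission the article lists")
    if installer != PLAY_STORE:
        findings.append("not installed from the Play Store")
    # One signal alone is common in legitimate apps; two or more merit review.
    return {"matched": sorted(requested & LISTED), "findings": findings,
            "review": len(findings) >= 2}


if __name__ == "__main__":
    for name, dump in (("sideloaded", SIDELOADED), ("store", FROM_STORE)):
        print(name, audit(dump))
```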