A new version of the Drinik Android trojan targets 18 Indian banks, masquerading as the country’s official tax management app to steal victims’ personal information and banking credentials.
Drinik has been circulating in India since 2016, operating as an SMS stealer, but in September 2021, it added banking trojan features that target 27 financial institutes by directing victims to phishing pages.
Analysts at Cyble have been following the malware and report that its developers have evolved it into a full Android banking trojan with screen recording, keylogging, abuse of Accessibility services, and the ability to perform overlay attacks.
The latest version of the malware comes in the form of an APK named ‘iAssist,’ which is supposedly India’s Income Tax Department’s official tax management tool.
