Wednesday 7 December 2022

Fake I-T department app stealing taxpayers’ information

PNB and SBI have raised an alarm over a fake I-T department app, which has evolved into an Android Trojan that could steal important user information

A major risk in downloading dubious apps from unofficial sources is that the user may inadvertently install a fake I-T department app that is in fact dangerous malware capable of causing serious financial harm, the State Bank of India (SBI) has warned. India’s largest lender alerted its users that the Drinik malware is a program masquerading as an I-T department app to steal Indian taxpayers’ Personally Identifiable Information (PII) and banking credentials through phishing attacks.

Earlier, Punjab National Bank had cited analysts saying that the fake I-T department app had evolved into an Android Trojan that could steal important personal details and banking credentials. It worked like an SMS stealer but has now added banking Trojan features. In the new form, it is capable of screen recording, keylogging, abusing Accessibility services and performing overlay attacks.

An advanced version of the Drinik malware has affected over 18 Indian banks.

Over the years, the Drinik malware has undergone various changes and just last year, the CERT-In (Indian Computer Emergency Response Team) issued an advisory about this virus that affected users of 27 banks. Since then, the Drinik malware has received some modifications that allow it to record your screen and log keystrokes.

The updated version of the malware, disguised as iAssist, a tool of the I-T department, tricks the victim into granting unrestricted access and steals sensitive information.

How the fake I-T department app steals your financial information

The Drinik malware comes disguised as an APK file named iAssist. The Android Package, with the file extension APK, is the file format used by the Android operating system and a number of other Android-based operating systems for distributing and installing mobile apps, mobile games and middleware. iAssist is also the name of the department’s official tax tool in India.

Once installed, the Drinik malware asks for permission to read, receive and send SMS, in addition to reading the user’s call log. It also requests permission to read and write external storage. Like other banking Trojans, Drinik relies on the Accessibility Service. Because so many apps ask for this capability, many users tap the ‘grant access’ button without a second thought. This should not be taken lightly.
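The permission combination described above (SMS read/receive/send, call log, external storage, plus an accessibility service) is something an analyst can check for before an app ever runs. The following is an added example, not code from the article or from any bank or CERT-In advisory: a small Python triage script that parses a decoded AndroidManifest.xml and flags the pattern. It assumes the manifest has already been decoded to plain XML (for instance with apktool, since the XML inside an APK is binary); the sample manifest, the package name `com.example.taxassist` and the service name `.HelperService` are constructed for illustration and do not come from the real iAssist lure.

```python
import xml.etree.ElementTree as ET

# Namespace used for attributes in AndroidManifest.xml
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions the article says Drinik requests (SMS, call log, storage),
# plus the overlay permission associated with the overlay attacks it mentions.
RISKY_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.SYSTEM_ALERT_WINDOW",
}

ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (hypothetical, not the real app): a "tax
# assistant" that asks for the permission set the article describes.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.taxassist">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:label="Tax Assistant">
        <service android:name=".HelperService"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of <uses-permission> names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {elem.get(f"{{{ANDROID_NS}}}name") for elem in root.iter("uses-permission")}


def declares_accessibility_service(manifest_xml):
    """True if any <service> is guarded by the accessibility-service permission."""
    root = ET.fromstring(manifest_xml)
    return any(
        svc.get(f"{{{ANDROID_NS}}}permission") == ACCESSIBILITY_PERMISSION
        for svc in root.iter("service")
    )


def triage(manifest_xml, expected_purpose_needs_sms=False):
    """Heuristic triage: return (risk score, list of human-readable findings).

    A tax-filing helper has no business reading or sending SMS, so SMS
    permissions count against it unless the caller states that the app's
    declared purpose legitimately needs them.
    """
    perms = requested_permissions(manifest_xml)
    findings = []
    for p in sorted(perms & RISKY_PERMISSIONS):
        if "SMS" in p and expected_purpose_needs_sms:
            continue
        findings.append(f"requests {p}")
    has_a11y = declares_accessibility_service(manifest_xml)
    if has_a11y:
        findings.append("declares an accessibility service (can read the screen and inject gestures)")
    # SMS access plus an accessibility service is the banking-trojan pattern
    # the article describes: OTP interception plus overlay/auto-gesture ability.
    if has_a11y and perms & {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}:
        findings.append("SMS interception combined with accessibility service")
    return len(findings), findings


if __name__ == "__main__":
    score, findings = triage(SAMPLE_MANIFEST)
    print(f"risk score {score}")
    for f in findings:
        print(" -", f)
```

The score is a simple count of findings, so it is only useful for ranking samples relative to each other; the combined SMS-plus-accessibility finding is the one that most directly matches the behaviour the article attributes to Drinik. Note that screen capture through MediaProjection needs no manifest permission and so cannot be detected this way.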

The malware then disables Google Play Protect and starts executing auto-gestures and capturing key presses.

Next, the fake I-T department app loads the genuine I-T department website instead of displaying fake phishing pages. Before showing the login page to the victim, the malware displays an authentication screen for biometric verification.

When the victim enters a PIN, the malware steals the biometric PIN by recording the screen using MediaProjection and also captures keystrokes. The stolen details are then sent to the C&C server.

What is worrisome is that in the latest version of Drinik, the threat actor (TA) only targets victims with legitimate I-T department site accounts. Once the victim logs into the account successfully, it shows a fake dialogue box on the screen with the following message: “Our database indicates that you are eligible for an instant tax refund of Rs 57,100 – from your previous tax miscalculations to date. Click ‘Apply’ to apply for an instant refund and receive your refund in your registered bank account in minutes.”

When the user clicks the Apply button, they are redirected to a phishing website. The malware then prompts the victim to submit personal details such as full name, Aadhaar number, PAN and other identifiers, along with financial information including account number, credit card number, CVV and PIN. The fake I-T department app sends this stolen data to the C&C servers as well.
