
The SBI reports a bogus income tax application that steals taxpayer information. Follow these steps to stay safe

Posted on November 5, 2022 by Amy A. Stuart

The State Bank of India (SBI) has informed its social media followers about the harms of downloading software or apps from untrusted sources. One of the major risks of downloading dubious apps from unofficial sources is that the user may inadvertently install dangerous malware that can cause severe financial damage to the target.

SBI has alerted its users that Drinik is one such malware: it targets Indian taxpayers to steal personally identifiable information (PII) and banking credentials through phishing attacks.

SBI is not the only bank to warn its customers of the risk of accidentally downloading Drinik. Earlier, the Punjab National Bank, in a report citing analysts, said the malware has evolved into an Android trojan capable of stealing important personal information and banking credentials. It previously operated as an SMS stealer, but has now added banking trojan features. In its new form, it is capable of recording screens, logging keystrokes, abusing accessibility services, and performing overlay attacks.

An advanced version of the Drinik malware has affected more than 18 Indian banks.

Over the years, the Drinik malware has undergone various modifications and last year CERT-In (Indian Computer Emergency Response Team) issued an advisory on this virus which affected users of 27 banks. Since then, the Drinik malware has received a few modifications that allow it to record your screen and log keystrokes.

The updated version of the malware, disguised as the iAssist income tax service tool, tricks the victim into granting unlimited access and then steals valuable information.

How Drinik malware steals your financial information

The Drinik malware comes in the form of an APK file named iAssist. An Android package, with the file extension .apk, is the file format used by the Android operating system and a number of other Android-based operating systems for the distribution and installation of mobile applications, mobile games and middleware. iAssist is the name of the official tax management tool of the Income Tax Department in India.

Once installed, the Drinik malware will request permission to read, receive and send SMS messages in addition to reading the user’s call log. It also asks for permission to read and write to external storage. Similar to other banking trojans, Drinik relies on the accessibility service. Since most apps require this feature, many users don’t pay attention when they click the “grant access” button. This should not be taken lightly.
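The permission profile described above can be checked before an APK is ever installed. The following is an added example, not code from the article or from any analyst report: it triages a decoded AndroidManifest.xml for the combination of SMS, call log, external storage and accessibility service access. The function name, the sample manifests and the package names are constructed for illustration, and it assumes the manifest has already been decoded to plain XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Permission groups the article says the app requests (standard Android names).
SMS = {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"}
CALL_LOG = {P + "READ_CALL_LOG"}
STORAGE = {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"}
A11Y_BIND = P + "BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml: str) -> dict:
    """Report which parts of the described permission profile a manifest declares."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    # An accessibility service is a <service> protected by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(ANDROID_NS + "name") for s in root.iter("service")
            if s.get(ANDROID_NS + "permission") == A11Y_BIND]
    return {
        "sms": sorted(SMS & requested),
        "call_log": sorted(CALL_LOG & requested),
        "storage": sorted(STORAGE & requested),
        "accessibility_services": a11y,
        # Flag only the full combination; any single group is common in benign apps.
        "matches_described_profile": (SMS | CALL_LOG | STORAGE) <= requested and bool(a11y),
    }

def build_manifest(package: str, perms: list, a11y_service: str = "") -> str:
    """Build a constructed sample manifest (illustration only, not a real app)."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    svc = (f'<service android:name="{a11y_service}" android:permission="{A11Y_BIND}"/>'
           if a11y_service else "")
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application>{svc}</application></manifest>')

# Constructed samples: one with the full profile, one ordinary file-manager style app.
SUSPICIOUS = build_manifest(
    "com.example.constructed.taxtool",
    ["READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CALL_LOG",
     "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"],
    a11y_service=".HelperService")
BENIGN = build_manifest("com.example.constructed.files",
                        ["READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage_manifest(xml))
```

A match is a reason for closer review, not a verdict: legitimate SMS or assistive apps can request parts of this set, which is why only the full combination is flagged.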

The malware then disables Google Play Protect and starts performing automatic gestures and capturing key presses.

It then loads the real Indian income tax site instead of showing fake phishing pages. Before showing the login page to the victim, the malware displays an authentication screen for biometric verification.

When the victim enters a PIN, the malware steals the biometric PIN by recording the screen using MediaProjection and also captures keystrokes. The stolen details are then sent to the C&C server.

Worryingly, in the latest version of Drinik, the threat actor (TA) only targets victims with legitimate accounts on the income tax site. After the victim successfully logs into the account, a fake dialog box appears on the screen with the message below:

"Our database indicates that you are eligible for an instant tax refund of ₹57,100 – from your previous tax calculation errors to date. Click Apply to request an instant refund and receive your refund in your saved bank account within minutes."

When the user clicks the Apply button, they are redirected to a phishing site. The malware now prompts the victim to submit personal information such as full name, Aadhaar number, PAN number and other details, along with financial information including account number, credit card number, CVV and PIN. The stolen data is again sent to the C&C servers.
