Security News > 2022 > October > Drinik Android malware now targets users of 18 Indian banks

A new version of the Drinik Android trojan targets 18 Indian banks, masquerading as the country's official tax management app to steal victims' personal information and banking credentials.
Drinik has been circulating in India since 2016, operating as an SMS stealer, but in September 2021, it added banking trojan features that target 27 financial institutes by directing victims to phishing pages.
Analysts at Cyble have been following the malware and report that its developers have evolved it into a full Android banking trojan with screen recording, keylogging, abuse of Accessibility services, and the ability to perform overlay attacks.
To target the eighteen banks, Drinik constantly monitors the Accessibility Service for events related to the targeted banking apps, such as their apps.
The targeted banks include SBI, one of the largest banks in the world, serving 450,000,000 people via a massive network of 22,000 branches.
Going after Indian taxpayers and banking customers means that Drinik has a massive targeting pool, so every new successful feature potentially translates to substantial financial gains for the malware's operators.
News URL
Related news
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)