The Android malware attacking Indian taxpayers' SMS inboxes by impersonating the Income Tax department has "reportedly returned" with heightened functionalities, reported Hindustan Times. Drinik 2.0 loads the official Income Tax website, bypassing anti-virus alarms on the device. It then asks the user to enable certain permissions—after which it records all activities performed on the device, such as keystrokes (keylogging), device biometrics, and screen activity. It can also steal One Time Passwords sent over SMS.

Drinik is used to steal a victim's banking credentials and perform transactions, leading to a "virtual bank account takeover", said Dhanalakshmi P.K., Senior Director, Malware and Intelligence Research at Cyble, a "global threat intelligence SaaS provider" that flagged the virus's return a few weeks ago.

CERT-In first alerted citizens to the malware in September 2021. Victims were targeted through a "smishing" campaign—or phishing via SMS—in which they received fake messages from the Income Tax department offering refunds for their paid income tax. Customers of 27 banks had already been targeted by the malware when the alert was issued.

Why it matters: Cyble's study indicates that only citizens with income tax accounts are targeted, suggesting that the threat actor behind the attack has access to the account data of Indian taxpayers, reports the Hindustan Times. With cyberattacks against Indian citizens on the rise, establishing a robust data protection and national cybersecurity regime can help protect their interests.

How does Drinik Attack Indian Taxpayers?

Who is targeted?: 18 Indian banks are explicitly listed in the malware's APK.

How is information stolen?: Users…
