top of page
  • Admin

Drinik Android Banking Trojan May Empty Your Accounts

Published: February 07, 2023 on our newsletter Security Fraud News & Alerts Newsletter.

Android users should be aware that a new version of the Drinik Android Trojan is now making its rounds. According to various reports, this malicious Trojan version is targeting users of financial institution applications and websites and aims to access sensitive login credentials. If successful, it can give cybercriminals full access to a user's financial accounts and of course, confidential financial details.

Previously, scammers used Drinik to steal your text/SMS messages, which meant they could get your multifactor authentication codes to use to get your online banking accounts. The updated version just tricks users into downloading a “helpful tax tool.” It uses text messaging (phishing using text/SMS messaging) or email to get users to click a link to download this “helpful” tool.

How it works

You may receive email or text messages that claim to be from the IRS or other Income Tax Department in the form of a tax management tool. If you install this tool, the virus asks for permission to access to your call logs, external storage, and text messages. Once you give that permission, Google will immediately disable Play Protect. What’s the harm in that, you ask? Well, Play Protect makes it easier for scammers to get your details.

Instead of taking the user to phishing pages, which was the previous tactic, Drinik opens what looks like the official website of the IRS. While using the form, the scammers make off with your account-related information through screen recording. There may also be a popup message that claims to provide some amount of money back to the user. That’s the hook. But once you hit the refund button supposedly to transfer the amount to your bank account, the scammers will instead empty your account of funds.

What to do or not to do

With hackers becoming increasingly sophisticated, it’s vital now more than ever that users exercise caution when whatever you’re doing involves financial information or personally identifying information (PII). Be sure to triple check the link to your financial institutions to make sure they are the correct ones and if your browser pops up any type of security error, pay attention to it and go no further. Contact the organization and find out what is going on.

As for smishing, it’s being used more and more these days and sadly, it’s a rather successful tool for cybercriminals. If you get unsolicited text messages, be very careful about clicking on links that come in them. Financial institutions don’t generally send unsolicited links that way, and neither with the IRS. If you suspect a problem with your accounts, go directly to their apps or websites to take a look. Remember that government agencies do not make initial contact with you via email or text message. They will send a letter through the postal service.

Taking security precautions might seem mundane and sometimes they can seem bothersome when you have to change your passwords often, use multifactor authentication or other extra measures. But they do go a long way in fending off cyber threats like Drinik.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at


bottom of page