Malware name: DRINIK 

Type: Trojan malware 

File type: .apk 

DRINIK is an Android Trojan: it pretends to be an income tax refund application and instead steals the user's banking information. DRINIK uses phishing techniques to attack users and persuade them to enter sensitive banking information. 

How does DRINIK steal information? 

Spreading URLs: 



  1. The user receives an SMS containing the malicious link; the message informs the victim about their income tax refund. 
  2. When the user clicks on the link, it asks them to enter some personal information and install an APK file, which is actually the malware. Once the user installs it, the Trojan is on their Android device, and the user can't tell much difference between the interface of the DRINIK app and a genuine income tax application. 
  3. Once installed, the application asks for permissions such as SMS, Contacts and Call logs. If the user has not given any information on the website, the Trojan asks for the same details again after installation before the user can proceed. 
  4. The personal details asked of the user include full name, Aadhaar number, PAN, address, mobile number, date of birth and email address. 
  5. The financial details asked of the user include account number, CIF number, IFS code, card number, date of expiry, CVV and finally the PIN, which gives the attacker full access to the user's account. 
  6. Then the malware asks the user to refund the amount of money to their account. The moment the user enters the amount and hits 'transfer', it shows a fake screen and tells about some update  

Indicators of compromise: 

  1. Hashes of the file: 








  2. C2 servers: 





IP ADDRESS SCANS and totally unresponsive to ping and all ports filtered. responsive, the hosts are up and running on this IP with port 22/tcp open  

How to avoid DRINIK malware? 

  1. Always file income tax returns using the official website of the Government of India: https://www.incometax.gov.in/iec/foportal 
  2. Hyperlinks sent through messages should never be opened; instead, we should always know the official website before we log in or enter any information on some random website. 
  3. We should never install an application from the web; instead, search for the application on the Google Play Store or App Store to avoid installing malware. 
  4. None of the income tax websites ever asks for your PIN, so look carefully at which details are being asked for, and if anything seems suspicious, do not continue on the website or application.
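
The link check in points 1 and 2 can be automated when triaging reported SMS messages. The following is an added example, not code from the original article: the sample messages are constructed, the function names are illustrative, and only the official host comes from the URL above.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_HOST = "incometax.gov.in"  # host of the official portal named in the article
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)
LURE_RE = re.compile(r"income\s*tax|refund|\bITR\b", re.IGNORECASE)

# Constructed sample messages; every non-official host is a reserved .example name.
SAMPLES = [
    "Dear taxpayer, your income tax refund of Rs 15,490 is approved. "
    "Claim now: http://incometax.gov.in.refund-claim.example/app.apk",
    "File your return at https://www.incometax.gov.in/iec/foportal.",
    "Refund pending, verify at https://incometax.gov.in@login.example/verify",
    "Lunch at 1? Menu: https://cafe.example/menu",
]

def extract_urls(sms_text):
    """Return the links in an SMS body with trailing punctuation removed."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(sms_text)]

def is_official(url):
    """True only for an https link whose host is the official portal or a subdomain."""
    if "://" not in url:
        url = "https://" + url  # bare www. link: judge it by host alone
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return False
    # .hostname drops any "user@" prefix and port, so a look-alike userinfo is ignored
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme.lower() != "https":
        return False
    return host == OFFICIAL_HOST or host.endswith("." + OFFICIAL_HOST)

def triage_sms(sms_text):
    """Return (verdict, flagged_urls) for one message body."""
    flagged = [u for u in extract_urls(sms_text) if not is_official(u)]
    if not flagged:
        return "ok", []
    verdict = "suspicious" if LURE_RE.search(sms_text) else "unverified-link"
    return verdict, flagged

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms), "<-", sms[:40])
```

The host comparison is an exact or dot-suffix match, so a look-alike such as `incometax.gov.in.refund-claim.example` or a `user@host` trick does not pass as the official portal.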

