Cyberbugs provides VAPT services, security services, cyber security training and ethical hacking training

What is Drinik Malware?

Updated: Feb 14, 2022



The government has warned Android users in India about a malware called Drinik that steals sensitive data by promising to generate income tax refunds. Customers of more than 27 Indian banks have already been targeted with the malware, the Indian Computer Emergency Response Team (CERT-In) wrote in an advisory published online. The nodal agency that handles cyber security threats says the attackers target victims by sending them a link to a phishing site that looks like the Income Tax Department portal. The site asks users to download a malicious application, and that application installs the Drinik malware.


Drinik was reportedly used as a basic SMS stealer back in 2016. CERT-In, however, noted that it has recently evolved into a banking Trojan targeting Indian users.


According to the details given in the CERT-In advisory, victims receive an SMS message containing a link to the phishing site. The site asks for some personal information and then downloads the application. The malicious Android application poses as a genuine version of the tool provided by the Income Tax Department to help generate tax refunds. It asks users to grant permissions to access SMS messages, call logs and contacts, and then displays a refund application form that requests details including full name, PAN, Aadhaar number, address and date of birth, according to the advisory.

Drinik is one of the most well-known Android malware families. It lets attackers extract sensitive data from the phone simply through an installed application. The victim typically receives a link via SMS that refers to an income tax refund. Tapping the link starts the download of an APK file, and once that file has been installed, the phone becomes an easy target for the attackers. Remember that most malware of this kind is spread through APK files, and official sites never ask a user to install an application from an unknown source.


Some users have also reported that if no details are entered on the fake site, the same form keeps popping up in the malware application until the user has filled it in and submitted it. The form asks for sensitive information such as the user's full name, PAN, Aadhaar number, address, date of birth, mobile number and email address, and for financial details such as account number, IFSC code, CIF number, card number, expiry date, CVV and PIN. In addition, a list of hashes and servers can be used for reference when identifying the Drinik malware.


According to CERT-In, Drinik is an Android malware. Attackers are stealing financial data from individuals through this malware, and it uses phishing tricks to target them.


When the user enters the amount and taps the transfer button, the application shows an error and displays a fake update screen. Meanwhile, in the backend, the attacker steals personal data such as the user's SMS messages and call logs through the malware.

According to CERT-In, "Using such data, the hacker generates a banking form and presents it on the user's device. The user is then asked to enter the mobile banking credentials. From there, all the user's data reaches the hacker's database."

How to Protect Yourself from Drinik Malware Attack?

CERT-In says to always download mobile applications from the Google Play Store or the App Store to stay away from any virus or malware. These platforms are less likely to contain malicious applications, which protects your device from attackers.

Attackers sometimes send phishing messages to compromise the device. These messages contain malicious links, with the help of which attackers can easily breach the phone's security and install malware. Such messages should be deleted immediately, and always remember not to open the link given in such a message. CERT-In has shared some tips and tricks to protect bank customers from the Drinik Android malware attack.


• Reduce the risk of downloading potentially harmful apps by restricting your download sources to official app stores, such as your device manufacturer's or operating system's app store.


• Before downloading/installing apps on Android devices (even from the Google Play Store):

Always review the app details, number of downloads, user reviews, comments and the "additional information" section. Verify app permissions and grant only those permissions which have relevant context for the app's purpose.

Do not check the "Untrusted Sources" checkbox to install sideloaded apps.

Install Android updates and patches as and when they are available from Android device vendors.
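The permission review above is easiest to explain with a concrete triage step. The script below is an added illustration (not CERT-In's or Cyberbugs' code): it parses an AndroidManifest.xml, lists the permissions an app requests, and flags the high-risk ones that the app's stated purpose does not justify. The manifest, the package name `com.example.taxrefund` and the "justified" set are constructed for the example; the permission names themselves are real Android permissions, and the ones the advisory mentions (SMS, call logs, contacts) are exactly what a refund-status form has no reason to request.

```python
"""Triage the permissions an Android app requests against what its stated
purpose justifies.  Added example, not code from the advisory or the page.
The manifest below is CONSTRUCTED to mirror the permission set the
advisory describes for the fake Income Tax refund app."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Real Android permission names that hand an app the data a banking
# trojan typically wants, with the reason a reviewer should care.
HIGH_RISK = {
    "android.permission.READ_SMS": "read stored SMS (OTP theft)",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS (OTP theft)",
    "android.permission.SEND_SMS": "send SMS from the device",
    "android.permission.READ_CALL_LOG": "read call history",
    "android.permission.READ_CONTACTS": "read contacts (spread lures)",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps (overlays)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further APKs",
}

# CONSTRUCTED manifest; package name is a placeholder.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.taxrefund">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the sorted list of permission names a manifest requests."""
    root = ET.fromstring(manifest_xml)
    return sorted(
        el.get(f"{{{ANDROID_NS}}}name")
        for el in root.iter("uses-permission")
    )


def triage(manifest_xml, justified):
    """Map each requested high-risk permission that is NOT in `justified`
    to the reason it matters.  An empty dict means nothing to question."""
    return {
        perm: HIGH_RISK[perm]
        for perm in requested_permissions(manifest_xml)
        if perm in HIGH_RISK and perm not in justified
    }


if __name__ == "__main__":
    # A refund-status form needs network access and nothing else.
    findings = triage(SAMPLE_MANIFEST, justified={"android.permission.INTERNET"})
    for perm, why in findings.items():
        print(f"UNJUSTIFIED {perm}: {why}")
```

On a real device the same question is answered from the app's permission screen: every entry that does not fit the app's purpose is a reason not to install it.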


• Do not browse untrusted websites or follow untrusted links, and exercise caution when clicking on links provided in any unsolicited emails and SMS messages.


• Look out for suspicious numbers that do not look like real mobile phone numbers.


• Scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number. Genuine SMS messages received from banks usually contain a sender ID (the bank's short name) instead of a phone number in the sender information field.


• Do extensive research before clicking on a link provided in a message.


• Many websites allow anyone to search by phone number and see any available information about whether a number is genuine.


• Only click on URLs that clearly show the website domain. When in doubt, users can search for the organisation's website directly using a search engine to make sure that the sites they visit are legitimate.


• Install and maintain updated antivirus and antispyware software.


• Consider using safe browsing tools and filtering tools such as antivirus and content-based filtering, in your antivirus, firewall and filtering services.


• Exercise caution with shortened URLs, such as those involving bit.ly and TinyURL. Users are encouraged to hover their cursor over a shortened URL (where possible) to see the full website domain they are about to visit, or to use a URL checker that lets them enter a short URL and view the full URL.


• Users can also use the shortening service's preview feature to see a preview of the full URL.


• Look for valid encryption certificates by checking for the green lock in the browser's address bar before providing any sensitive information, such as personal particulars or account login details.


• Users should report any unusual activity in their account immediately to the respective bank, with the relevant details, so that further appropriate action can be taken.
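Several of the bullets above (numeric sender instead of a bank sender ID, shortened URLs, links that do not show the real domain, refund lures) can be checked mechanically. The script below is an added example, not code from CERT-In or Cyberbugs: it scores SMS messages for those indicators and ranks an inbox by suspicion. The three messages, the sender ID `AD-EXBANK` and the look-alike domain are constructed for the example; the allow-list assumes the Income Tax Department's e-filing domain `incometax.gov.in` and would be replaced with an operator's own list.

```python
"""Score SMS messages for the smishing indicators listed in the advisory.
Added example; sample messages, sender IDs and domains are CONSTRUCTED."""
import re
from urllib.parse import urlsplit

# Matches full http(s) URLs, or bare "host.tld/path" links sent without a scheme.
URL_RE = re.compile(r"https?://[^\s<>]+|\b[a-z0-9.-]+\.[a-z]{2,}/[^\s]*", re.I)
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "cutt.ly", "rb.gy"}
# Assumed allow-list of domains a genuine refund message could point to.
EXPECTED_DOMAINS = {"incometax.gov.in"}
# Brand words whose presence in an unexpected host signals a look-alike domain.
BRAND_WORDS = ("incometax", "itr", "refund")
LURE_RE = re.compile(r"\b(refund|urgent|verify|blocked)\b", re.I)

# CONSTRUCTED inbox: two lures shaped like the one the advisory describes
# and one ordinary bank notification sent from an alphanumeric sender ID.
SAMPLE_SMS = [
    ("+919876543210",
     "Dear customer, your income tax refund of Rs 12,430 is approved. "
     "Download the ITR app to claim: http://bit.ly/xyz12"),
    ("+911234567890",
     "Claim your refund now: http://incometax-refund-portal.example/itr.apk"),
    ("AD-EXBANK",
     "Your a/c XX1234 is credited with Rs 5,000 on 14-Feb. Info: https://www.example-bank.in"),
]


def extract_urls(text):
    """Return every link in the text, normalised to carry a scheme."""
    urls = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,)")
        if not url.lower().startswith("http"):
            url = "http://" + url
        urls.append(url)
    return urls


def is_expected(host):
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def score_sms(sender, text):
    """Return (score, reasons); a higher score means more indicators hit."""
    reasons = []
    if re.fullmatch(r"\+?\d{6,15}", sender):
        reasons.append("numeric sender, not a bank/agency sender ID")
    for url in extract_urls(text):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host in SHORTENERS:
            reasons.append(f"shortened URL hides destination: {host}")
        if parts.path.lower().endswith(".apk"):
            reasons.append(f"link delivers an APK: {url}")
        if any(word in host for word in BRAND_WORDS) and not is_expected(host):
            reasons.append(f"look-alike domain: {host}")
    # A refund/urgency lure on its own is normal marketing; count it only
    # when it accompanies a technical indicator.
    if reasons and LURE_RE.search(text):
        reasons.append("refund/urgency lure combined with other indicators")
    return len(reasons), reasons


def triage_inbox(messages):
    """Rank (sender, score, reasons) tuples, most suspicious first."""
    scored = [(sender, *score_sms(sender, text)) for sender, text in messages]
    return sorted(scored, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for sender, score, reasons in triage_inbox(SAMPLE_SMS):
        print(f"{sender:>16}  score={score}")
        for reason in reasons:
            print(f"{'':>18}- {reason}")
```

The host check deliberately compares the whole hostname against the allow-list rather than looking for the brand word, which is exactly the trick a look-alike domain relies on; the lure keyword is only counted alongside a technical indicator so that ordinary bank notifications are not ranked as phishing.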


-By Rahul Siraskar
