Malware Found Hiding in Fake Income Tax Department Emails, CERT-in Warns
An information stealing computer malware, masking as a message from the Income Tax Department, has been found prowling in the Indian cyberspace, a federal cyber-security agency has warned in a recent advisory.
“A phishing and malware campaign is active since at least September 12 and is targeting individuals as well as financial organisations. The campaign involves fake emails purporting to be sent from Indian Income Tax Department,” the CERT-In said its latest advisory accessed by PTI.
Indian Computer Emergency Response Team (CERT-In) is the national agency to combat hacking, phishing incidents, and to fortify security-related defences of the Indian Internet domain. While phishing denotes to a category of cybercrime where a person’s personal vital information like banking, credit card details and passwords are stolen, malware is an e-virus.
A senior tax official said fraud links faking the I-T department are often used by fraudsters as people are very concerned and serious about their tax filing, refunds and other businesses with the department.
“It is very important to guard against any malicious email that talks about your I-T records or banking issues. The department has run many awareness series to educate people and taxpayers against these frauds,” the official said.
The advisory said at least two variants of the latest malware emails have been observed. First variant includes an attachment with extension “.img” which contains a malicious “.pif” file while the second variant lures the users to download a malicious “.pif” file hosted on a sharepoint page via a link of fraudulent domain incometaxindia[.]info, it said.
This domain, it said, has now been disabled. “The malware samples add persistence by modifying the Windows registry and have been observed to have information stealing capabilities,” it said.
It issued some samples of fraud emails being sent with subject line stating: “Important: Income Tax Outstanding Statements A.Y 2017-2018”; Income Tax Statement XML PAN XXX895X.pif; Income Tax Statment XML.img; Income Tax Statement XXX8957X.pif among others.
The agency also suggested some counter-measures: Do not to open documents from untrusted sources and should disable running macros in MS Office by default; don’t open attachments in unsolicited e-mails, even if they come from people in your contact lists and never click on a URL contained in an unsolicited e-mail, even if the link seems benign, it said.
In cases of genuine URLs, close the e-mail and go to the organisation’s website directly through browser, the Cert-In said.