Malware Found Hiding in Fake Income Tax Department Emails, CERT-in Warns

The malware campaign is said to be active since September 12.

Malware Found Hiding in Fake Income Tax Department Emails, CERT-in Warns
  • A phishing, malware campaign is active since September 12: CERT-In
  • Two variants of the latest malware emails have been observed
  • First has an attachment with extension “.img”, second has ".pif”

An information stealing computer malware, masking as a message from the Income Tax Department, has been found prowling in the Indian cyberspace, a federal cyber-security agency has warned in a recent advisory.

"A phishing and malware campaign is active since at least September 12 and is targeting individuals as well as financial organisations. The campaign involves fake emails purporting to be sent from Indian Income Tax Department," the CERT-In said its latest advisory accessed by PTI.

Indian Computer Emergency Response Team (CERT-In) is the national agency to combat hacking, phishing incidents, and to fortify security-related defences of the Indian Internet domain. While phishing denotes to a category of cybercrime where a person's personal vital information like banking, credit card details and passwords are stolen, malware is an e-virus.

A senior tax official said fraud links faking the I-T department are often used by fraudsters as people are very concerned and serious about their tax filing, refunds and other businesses with the department.

"It is very important to guard against any malicious email that talks about your I-T records or banking issues. The department has run many awareness series to educate people and taxpayers against these frauds," the official said.

The advisory said at least two variants of the latest malware emails have been observed. First variant includes an attachment with extension “.img” which contains a malicious “.pif” file while the second variant lures the users to download a malicious ".pif” file hosted on a sharepoint page via a link of fraudulent domain incometaxindia[.]info, it said.

This domain, it said, has now been disabled. "The malware samples add persistence by modifying the Windows registry and have been observed to have information stealing capabilities," it said.

It issued some samples of fraud emails being sent with subject line stating: “Important: Income Tax Outstanding Statements A.Y 2017-2018”; Income Tax Statement XML PAN XXX895X.pif; Income Tax Statment XML.img; Income Tax Statement XXX8957X.pif among others.

The agency also suggested some counter-measures: Do not to open documents from untrusted sources and should disable running macros in MS Office by default; don't open attachments in unsolicited e-mails, even if they come from people in your contact lists and never click on a URL contained in an unsolicited e-mail, even if the link seems benign, it said.

In cases of genuine URLs, close the e-mail and go to the organisation's website directly through browser, the Cert-In said.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Indian Masses Will Have to Wait 5-6 Years for a True 5G Experience
Japan Roboticists Predict Rise of the Machines

Related Stories

Read in: বাংলা
Share on Facebook Tweet Snapchat Share Reddit Comment



© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on