Scam with hackers masquerading as tax men
With the ease of access to smartphones and the internet, an increasing number of people in India are adopting online mode to avail various services such as ordering food, hailing a cab and also file income tax returns. It can be noted that the Central Board of Direct Taxes received a record 49,29, 191 e-filing of ITRs (Income Tax Returns) on August 31, the deadline to file ITR for 2019-20.
Apparently, this has attracted shady actors to prey on naive citizens. Indian cybercrime unit of CERT-In has observed a spike in fake IT notices being sent to individuals and financial institutions since September 12. It has issued warning to citizens to exercise caution when they receive any such things via email.
There are two types of emails. The first variant includes an attachment with an extension".img" which contains a malicious ".pif" file. The second variants lure the users to download malevolent ".pif" file hosted on a Sharepoint page via a link of fraudulent domain incometaxindia[.]info.
Must read | Dead Simjacker on the prowl: Any phone can be hacked
The shady ".pif" files contact a Command & Control server and drop multiple binary (.exe, .dil) files in [/Users//AppData/Local/Temp] and [/Users/AppData/Roaming] directories. The malware is capable of modifying the Windows registry and has been observed to have information-stealing capabilities. The campaign is said to be identical to "Ave-Maria" malware detected in early 2019, which was used by hackers to hoodwink the user to install an app and steal information.
Though CERT-IN has disabled the Sharepoint page and the malicious host domain, people are advised to be cautious when they receive emails on their smart devices.
Here's how to safeguard from online frauds, phishing scam, and malware:
1) Some of commonly used to subject line and contents in the fake IT notice email are “Important: Income Tax Outstanding Statements A.Y 2017-2018”, "Income Tax Statement XML PAN XXX895X.pif", "Income Tax Statment XML.img" , "Income Tax Statement XXX8957X.pif"among others.
2) Users are advised not to open documents from untrusted sources and should disable running macros in MS Office by default
3) Restrict execution of Powershell/WSCRIPT in an enterprise environment. Ensure the installation and use of the latest version of the PowerShell with enhanced logging enabled, script block logging and transcription enabled. Send the associated logs to a centralised log repository for monitoring and analysis
4) System administrators of the company are advised to enforce application whitelisting on all endpoint workstations. This will prevent droppers or unauthorised software from gaining execution on endpoints
5) Implement application whitelisting/Strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA% and %TEMP% paths
6) Always update your phones and PCs with the latest security updates. Google usually rolls out updates monthly, while Apple release as when they discover any vulnerability in the iOS and MacOS devices. Microsoft too does the same for Windows computers.
7) It goes without saying that everyone should have an anti-virus app on their phone and on the computer
8) Never reveal One Time Password(OTP) nor the debit/credit/CVV numbers to anybody. No bank official or even the Income Tax official ask for financial details by mail or on call or through SMS.
9) Also no IT officer or bank official or any company for that matter, ask you to install an app by sending URL links via emails
10) When you are asked to put in debit card/credit card details on a website, make sure the URL has 'https://'. If it has just http:// without the 's', kill the link
11) In case of genuine URLs, close the e-mail and go to the organisation's website directly through the browser
12) Always be wary of emails sent by unknown names, as in most cases they are fraudsters or annoying telemarketing personnel. Never reply to them, just tag them as spam and move on
13) If you download a file or get a pen drive with movies from a friend or anybody. Just to be on a safer side, scan the system with an anti-virus application. It will only take a few minutes and definitely save you from potential malware or ransomware attack. more