Date: 2019-09-25

A government cybersecurity agency has warned taxpayers that information-stealing malware disguised as a message from the Income Tax Department (I-T Department) has been circulating in Indian cyberspace.

"A phishing and malware campaign is active since at least 12 September and is targeting individuals as well as financial organisations. The campaign involves fake emails purporting to be sent from Indian Income Tax Department," the cybersecurity agency, CERT-In, said.

The Indian Computer Emergency Response Team, or CERT-In, is the national agency to combat hacking and phishing incidents and to fortify security-related defences of the Indian Internet domain. CERT-In functions under the Ministry of Electronics and Information Technology.

The advisory said at least two variants of the latest malware emails have been observed. The first variant includes an attachment with the extension “.img” which contains a malicious “.pif” file, while the second variant lures users into downloading a malicious “.pif” file hosted on a SharePoint page via a link on the fraudulent domain incometaxindia[.]info, it said.

This domain has now been disabled, the agency said.

"The malware samples add persistence by modifying the Windows registry and have been observed to have information-stealing capabilities," CERT-In said.

It issued some samples of the fraudulent emails being sent, with subject lines stating: “Important: Income Tax Outstanding Statements A.Y 2017-2018”; Income Tax Statement XML PAN XXX895X.pif; Income Tax Statment XML.img; Income Tax Statement XXX8957X.pif, among others.

Phishing denotes a category of cybercrime in which a person's vital personal information, such as banking and credit card details and passwords, is stolen, while malware is an e-virus.

Fraudulent links impersonating the I-T Department are often used by fraudsters because people are very concerned and serious about their tax filing, refunds and other business with the department, reported PTI, quoting a tax official.

"It is very important to guard against any malicious email that talks about your I-T records or banking issues. The department has run many awareness series to educate people and taxpayers against these frauds," the official said.

The agency also suggested a few counter-measures:

1) Do not open documents from untrusted sources, and disable running macros in MS Office by default.

2) Restrict execution of PowerShell/WSCRIPT in enterprise environments. Install and use the latest version of PowerShell, with enhanced logging, script block logging and transcription enabled. Send the associated logs to a centralised log repository for monitoring and analysis.

3) Do not open attachments in unsolicited e-mails, even if they come from people in your contact lists, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign.

In cases of genuine URLs, close the e-mail and go to the organisation's website directly through the browser, CERT-In said.
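The two variants described in the advisory can also be screened for at a mail gateway. The following Python sketch is an added example, not code from CERT-In or the I-T Department: it flags “.img”/“.pif” attachments, looks for a “.pif” file name inside an “.img” attachment, and flags links to the fraudulent domain. The function names, the byte-scan heuristic, the URL path and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Indicators taken from the advisory text; the domain stays defanged in source.
BAD_DOMAINS = {"incometaxindia[.]info".replace("[.]", ".")}
RISKY_EXTS = (".img", ".pif")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def pif_inside_image(blob: bytes) -> bool:
    """Heuristic (assumption): find a '.pif' name in ASCII or UTF-16BE directory records."""
    upper = blob.upper()
    return b".PIF" in upper or ".PIF".encode("utf-16-be") in upper

def triage(raw: bytes) -> list[str]:
    """Return findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTS):
            findings.append(f"attachment:{name}")
            payload = part.get_payload(decode=True) or b""
            if name.endswith(".img") and pif_inside_image(payload):
                findings.append("pif-inside-img")
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                host = (urlparse(url).hostname or "").lower()
                if any(host == d or host.endswith("." + d) for d in BAD_DOMAINS):
                    findings.append(f"url:{host}")
    return findings

def constructed_sample() -> bytes:
    """Constructed test message; not a real sample from the campaign."""
    m = EmailMessage()
    m["Subject"] = "Important: Income Tax Outstanding Statements A.Y 2017-2018"
    m.set_content(f"Download your statement: http://{next(iter(BAD_DOMAINS))}/placeholder")
    # Stand-in bytes for a disk image whose directory record names a .pif file.
    fake_img = b"\x00" * 64 + b"STATEMENT.PIF;1" + b"\x00" * 64
    m.add_attachment(fake_img, maintype="application", subtype="octet-stream",
                     filename="Income Tax Statment XML.img")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

The byte scan is a cheap pre-filter and can produce false positives; a production gateway would parse the image's file system before deciding.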

The I-T Department also explains how to identify phishing or fraudulent refund e-mails and gives advisories to taxpayers in case they receive suspicious emails.

The advisories include not opening any attachments, as they may contain malicious code that will infect the taxpayer's computer.

The I-T Department further says not to click on any links. Anyone who clicks on links in a suspicious e-mail or on a phishing website should not enter confidential information such as bank account or credit card details.

— With PTI inputs