Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Income Tax Department. Show all posts
Phishing emails
Data Theft Income Tax Department India malware Phishing emails

Fake Tax Emails Used to Target Indian Users in New Malware Campaign

 


A newly identified cyberattack campaign is actively exploiting trust in India’s tax system to infect computers with advanced malware designed for long-term surveillance and data theft. The operation relies on carefully crafted phishing emails that impersonate official tax communications and has been assessed as potentially espionage-driven, though no specific hacking group has been confirmed.

The attack begins with emails that appear to originate from the Income Tax Department of India. These messages typically warn recipients about penalties, compliance issues, or document verification, creating urgency and fear. Victims are instructed to open an attached compressed file, believing it to be an official notice.

Once opened, the attachment initiates a hidden infection process. Although the archive contains several components, only one file is visible to the user. This file is disguised as a legitimate inspection or review document. When executed, it quietly loads a concealed malicious system file that operates without the user’s awareness.

This hidden component performs checks to ensure it is not being examined by security analysts and then connects to an external server to download additional malicious code. The next stage exploits a Windows system mechanism to gain administrative privileges without triggering standard security prompts, allowing the attackers deeper control over the system.

To further avoid detection, the malware alters how it identifies itself within the operating system, making it appear as a normal Windows process. This camouflage helps it blend into everyday system activity.

The attackers then deploy another installer that adapts its behavior based on the victim’s security setup. If a widely used antivirus program is detected, the malware does not shut it down. Instead, it simulates user actions, such as mouse movements, to quietly instruct the antivirus to ignore specific malicious files. This allows the attack to proceed while the security software remains active, reducing suspicion.

At the core of the operation is a modified banking-focused malware strain known for targeting organizations across multiple countries. Alongside it, attackers install a legitimate enterprise management tool originally designed for system administration. In this campaign, the software is misused to remotely control infected machines, monitor user behavior, and manage stolen data centrally.

Supporting files are also deployed to strengthen control. These include automated scripts that change folder permissions, adjust user access rights, clean traces of activity, and enable detailed logging. A coordinating program manages these functions to ensure the attackers maintain persistent access.

Researchers note that the campaign combines deception, privilege escalation, stealth execution, and abuse of trusted software, reflecting a high level of technical sophistication and clear intent to maintain prolonged visibility into compromised systems.

Read more »
protecting sensitive data
Banking Data Critical security flaw Cyber Security Data Exposure Government of India. Income Tax Department Information Security protecting sensitive data

Indian Tax Department Fixes Major Security Flaw That Exposed Sensitive Taxpayer Data

 

The Indian government has patched a critical vulnerability in its income tax e-filing portal that had been exposing sensitive taxpayer data to unauthorized users. The flaw, discovered by security researchers Akshay CS and “Viral” in September, allowed logged-in users to access personal and financial details of other taxpayers simply by manipulating network requests. The issue has since been resolved, the researchers confirmed to TechCrunch, which first reported the incident. 

According to the report, the vulnerability exposed a wide range of sensitive data, including taxpayers’ full names, home addresses, email IDs, dates of birth, phone numbers, and even bank account details. It also revealed Aadhaar numbers, a unique government-issued identifier used for identity verification and accessing public services. TechCrunch verified the issue by granting permission for the researchers to look up a test account before confirming the flaw’s resolution on October 2. 

The vulnerability stemmed from an insecure direct object reference (IDOR) — a common but serious web flaw where back-end systems fail to verify user permissions before granting data access. In this case, users could retrieve another taxpayer’s data by simply replacing their Permanent Account Number (PAN) with another PAN in the network request. This could be executed using simple, publicly available tools such as Postman or a browser’s developer console. 

“This is an extremely low-hanging thing, but one that has a very severe consequence,” the researchers told TechCrunch. They further noted that the flaw was not limited to individual taxpayers but also exposed financial data belonging to registered companies. Even those who had not yet filed their returns this year were vulnerable, as their information could still be accessed through the same exploit. 

Following the discovery, the researchers immediately alerted India’s Computer Emergency Response Team (CERT-In), which acknowledged the issue and confirmed that the Income Tax Department was working to fix it. The flaw was officially patched in early October. However, officials have not disclosed how long the vulnerability had existed or whether it had been exploited by malicious actors before discovery. 

The Ministry of Finance and the Income Tax Department did not respond to multiple requests for comment on the breach’s potential scope. According to public data available on the tax portal, over 135 million users are registered, with more than 76 million having filed returns in the financial year 2024–25. While the fix has been implemented, the incident highlights the critical importance of secure coding practices and stronger access validation mechanisms in government-run digital platforms, where the sensitivity of stored data demands the highest level of protection.
Read more »
Phishing Attack
@bank_of_russia Cyber Fraud Income Tax Department India Phishing Attack

Income Tax Dept alerts taxpayers of phishing mails by fraudsters




The Income Tax department of India has alerted the taxpayers about a phishing email asking them to verify their tax return even though they have e-verified it.

A taxpayer Anika Gupta, received an email from a suspicious email ID, asking her to e-verify her return, while she had already e-verified her ITR through OTP generated by the Aadhaar card.

The email claiming to be from the Income Tax (I-T) Department, it read, “Hello anxxxxx@xxail.com, Income Tax Return for the Assessment Year 2019-2020 has been successfully filed. After Submission, It is mandatory for Tax Payers to e-Verify the Income Tax Return using various verification methods. For your Income Tax Return, e-verification is not d………..read more”

The mail contains three malicious links with the texts ‘read more’, ‘see here’, ‘pending’ and ‘click here’.

Soon after receiving the mail, Gupta alerted the matter to the grievance section of the I-T Department.

The I-T Department alerted the taxpayers by saying, “Income Tax Department never asks PIN, OTP, Password or similar access information for credit/debit cards, banks or other financial account-related information through e-mail, SMS or phone calls. Taxpayers are cautioned not to respond to such e-mails, SMS or phone calls and not to share personal or financial information.”

The I-T department also requests the user to carefully “Check the domain name. Fake emails will have misspelled or incorrect sounding variants of Income Tax Department web sites and will have incorrect email header.”

The Department further said, “In case if you have received such phishing / suspicious mail – do not open any attachments as it may contain malicious code. Do not click any links. Even if you have clicked on links inadvertently, then do not enter personal or financial information such as bank account, credit/debit/ATM card, income tax details, etc.”

Read more »
Subscribe to: Comments (Atom)