Income Tax Fake Alert: If you are a income taxpayer, you must be careful. Hackers have found a new way to make you a beggar. Here’s what you need to know about it and how to avoid it.
Fake Income Tax: Here is an important alert for all income taxpayers. A malware called Drinic is back. According to a blog by Syble, Cybele Research & Intelligence Labs (CRIL) has recently identified an upgraded version of Drinic which is impersonating the Indian tax department and targeting 18 banks, including the State Bank of India (SBI)—used to be. Be aware that Drinic malware has been targeting the banking industry since 2016. Earlier the malware used to work as an SMS stealer, but now it has evolved into Android Trojan.
After development, the malware can perform screen recording, thereby harvesting credentials, keylogging, abusing the call screening service to handle incoming calls, and receiving commands via Firebase Cloud Messaging.
As per the information provided by Cybele, the malware version is communicating with the command & Control (C&C) server hxxp://gia[.]3utilities.com, hosted on IP 198[.]12.107[.]13. Also, the third and latest version loads the original Income Tax Department site and uses screen recording with keylogging functionality to steal login credentials. Also, the latest version of Drinic malware comes as an APK named iAssist.
You may know that iAssist is the official tax management tool of the India Tax Department. Once it is installed on the device, the APK file will ask permission to read, receive and send SMS besides reading the user’s call log. It also requests permission to read and write external storage. Initially, it will take you to the official Indian Income Tax site and display a fake dialog box to steal the user’s account details. The malware then tries to lure the user by showing immediate tax refunds, eventually leading him to a phishing site.
Step 1: Do not click on any link which you find suspicious or fake.
Step 2: Always remember to download and install software only from official app stores like Play Store or iOS App Store. Also, check the authenticity of the software before downloading it.
Step 3: You should never share your details or banking credentials, like card details, CVV number, or PIN, with others.
Step 4: Put tight security features on your phone, like fingerprint lock or facial recognition. Also, use strong passwords and implement multi-factor authentication wherever possible.
Step 5: Avoid allowing multiple apps to access data on your device.