Attackers posing as IT department targeting Indian users: Symantec

Security firm Symantec has noted that malicious emails that install keyloggers on users' PCs are being sent out.

Published Date: 22 - Jan - 2016 | Last Updated: 22 - Jan - 2016
 

With great power comes great responsibility. India has become one of the biggest markets for electronics and the Internet, making it a ripe target for cybercriminals. Most recently, security firm Symantec has identified fraudulent tax deduction emails being sent to users to steal their personal information. Symantec’s Senior Security Response Manager Satnam Narang told PTI that in the last three months, the company has observed malicious emails that claim to be from the Income Tax Department of India. According to Narang, 43 percent of these emails went to Indians, while the US and UK followed at 20 and 14 percent respectively.

Further, it seems that at least two types of emails have been circulated amongst users: one explains that thousands of rupees have been deducted from the recipient's account as tax payment, while the other looks like a real intimation sent by the Income Tax Department. Narang pointed out that such activity may increase towards the close of the financial year, since people will be filing their tax returns at that time.

In addition, the two emails, which follow different templates, are aimed at installing a keylogger on users’ computers, which then collects information from the PC. The emails contain attachments that claim to be receipts of payment etc. and are sent as a ZIP file. When the file is unzipped, the keylogger is installed on the PC; Symantec detects this malware as Infostealer.Donx, said Narang. The emails that look like an intimation from the IT department, on the other hand, contain a different ZIP file that installs Trojan.Gen on the user’s PC.

The domains of the email addresses used by the attackers are spoofs of those used by the Income Tax Department of India. Narang implored users to avoid such suspicious emails and report them to the Indian Computer Emergency Response Team (CERT-In).

Digit NewsDesk