JOIN US
IPL
News Shots
Explainers
Bengaluru
Science
Trending
Brandspot
Photos
Newsletters
Home
News Shots
Trending
Menu
×
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
Hometechnology

Beware of malware-laced fake Income Tax Android app: McAfee

Threat actors are sending SMS with compromised URL to divert users to compromised website with fake iMobile Income Tax app.
Last Updated 04 October 2021, 11:48 IST

Follow Us

For the past few months, the Income Tax department and its service partner Infosys in India are feeling the heat over the glitches in its website. Several citizens have complained of not being able to fully process the IT returns.

Now, a report from McAfee has revealed that bad actors have started a phishing campaign via SMS to hoodwink unsuspecting citizens to download Elibomi malware-laced fake iMobile app to file their IT returns smoothly.

"During our investigation, we found that in the latest campaign the malware is delivered using an SMS text phishing attack. The SMS message pretends to be from the Income Tax Department in India and uses the name of the targeted user to make the SMS phishing attack more credible and increase the chances of infecting the device," said the McAfee Mobile Research team.

It should be noted that ICICI Bank too, has an app -iMobile Pay and is available on both Google Play Store and Apple App Store.

But, the URL link shared on SMS from threat actors takes the users to their website, which houses the compromised iMobile app (shown below).

The iMobile app's interface is well disguised as an authentic IT portal of the Indian government. It also has the official logo of the IT department to build trust among people.

Fake Income Tax iMobile app (Credit: McAfee)
Fake Income Tax iMobile app (Credit: McAfee)

Once installed, the malicious app asks for critical permissions to capture personal information such as e-mail address, phone number, and SMS/MMS messages stored in the infected device Also, it is capable of stealing the victim’s sensitive personal and financial information.

This data can be used by cybercriminals to perform identity theft and financial fraud.

There is no information on how many people have been affected, but the campaign was first noticed in November 2020. Threat actors again reinitiated it this year around May 2021, noted the McAffe research team.

Android phone users are advised not to install any type of apps from third-party websites at all. Also, it is good practice to install anti-virus apps on mobile phones.

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.

ADVERTISEMENT
(Published 08 September 2021, 09:16 IST)
Technology NewsDH TechIncome TaxMalwareMcAfeeIT returns

Follow us on

ADVERTISEMENT
ADVERTISEMENT