Indian Taxpayers Targeted by Fake App Distributed by Phishing Actors

  • Taxpayers in India are receiving SMS messages that supposedly come from the Income Tax Department, urging them to download a tax-filing app.
  • The app is malware that serves phishing forms designed to collect a set of sensitive details from the victim.
  • By accessing the device’s SMS messages, the actors can steal 2FA codes and compromise the user's bank account.

As the tax season in India is underway, taxpayers are increasingly targeted by scammers and phishing actors who are looking to exploit the period to steal their sensitive information. In this effort, they have created a new Android malware named ‘Elibomi,’ which serves the victim a fake tax-filing application and then siphons all entered data to the actor-controlled server.

According to McAfee’s Mobile Research team, which discovered it first, the attack starts with the arrival of an SMS that pretends to be from the Income Tax Department in India and urges the recipient to download the malware. Upon installation, the app asks for permission to access and use SMS, supposedly needed to verify the mobile number with the tax agency’s systems. In reality, Elibomi steals all SMS messages stored on the infected device, along with emails, phone numbers, and any other personal information it can grab.

Cyble researchers have dug deeper into the source code of the malicious app and warn that the app could be updated at any time to use a different theme. Currently, it asks for the user’s net banking credentials, banking details, PAN and mobile number, address, name, date of birth, debit card number, expiry date, and even the CVV.

By having access to the device’s SMS, the crooks may grab 2FA codes relevant to the net banking account, so they can break through MFA protections. This is another example of why SMS isn’t the best two-factor authentication option.

Giving away all of the above information opens up a wide range of exploitation opportunities for the crooks, so if you are worried that you may have been tricked, you have limited time to correct the mistake. Call your card issuer and ask them to invalidate the card due to compromise, and then proceed to reset whatever passwords you exposed by voluntarily providing your internet banking credentials.

To uproot Elibomi from your mobile phone, run a trustworthy mobile security tool and perform a full scan on the device’s storage. In the future, avoid tapping URLs that have arrived via SMS, and never trust any app that has been sourced outside the Google Play Store.
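The two warning signs described above, an app installed from outside the Google Play Store that also requests SMS access, can be checked on a device you manage. The following is an added example, not code from McAfee, Cyble, or the original article; the package names and sample text are constructed, modelled on the output of `adb shell pm list packages -i` and the "requested permissions:" section of `adb shell dumpsys package <name>`.

```python
import re

PLAY_STORE = "com.android.vending"  # installer name recorded for Google Play installs
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

# Constructed sample in the format of `adb shell pm list packages -i`.
PACKAGES_SAMPLE = """\
package:com.example.bank  installer=com.android.vending
package:com.example.taxrefund  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller
"""

# Constructed excerpts in the format of `adb shell dumpsys package <name>`.
DUMPS_SAMPLE = {
    "com.example.bank": "requested permissions:\n  android.permission.INTERNET\n"
                        "  android.permission.RECEIVE_SMS\ninstall permissions:\n",
    "com.example.taxrefund": "requested permissions:\n  android.permission.INTERNET\n"
                             "  android.permission.READ_SMS\n"
                             "  android.permission.RECEIVE_SMS\ninstall permissions:\n",
    "com.example.notes": "requested permissions:\n  android.permission.INTERNET\n"
                         "install permissions:\n",
}

def parse_installers(text):
    """Map package name -> installer package ('null' when none was recorded)."""
    pattern = r"^package:(\S+)[ \t]+installer=(\S+)"
    return {m.group(1): m.group(2) for m in re.finditer(pattern, text, re.M)}

def requested_permissions(dump):
    """Collect permission names listed under 'requested permissions:'."""
    perms, in_block = set(), False
    for line in dump.splitlines():
        s = line.strip()
        if s == "requested permissions:":
            in_block = True
        elif in_block and s.endswith(":"):  # next section header ends the block
            break
        elif in_block and s:
            perms.add(s.split(":")[0])      # drop any trailing ': flag=...' suffix
    return perms

def flag_sideloaded_sms(installers, dumps):
    """Return (package, installer, sms_permissions) for non-Play apps requesting SMS."""
    findings = []
    for pkg, installer in sorted(installers.items()):
        hits = sorted(requested_permissions(dumps.get(pkg, "")) & SMS_PERMS)
        if installer != PLAY_STORE and hits:
            findings.append((pkg, installer, hits))
    return findings

if __name__ == "__main__":
    for finding in flag_sideloaded_sms(parse_installers(PACKAGES_SAMPLE), DUMPS_SAMPLE):
        print(finding)
```

A flagged package is a candidate for review, not proof of infection, since legitimate sideloaded apps can also request SMS access.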
