As part of a three month investigation, the Symantec Security Response team has unveiled a scam campaign targeting UK consumers with fraudulent ‘tax deduction’ emails containing information stealing Donx malware.
These emails claim to be from the Income Tax Department of India, and the investigation revealed that the UK was the third most targeted country, receiving 14% of all the emails. India was the biggest target at 43%, followed by the United States (20%).
In his blog post, Satnam Narang, Senior Security Response Manager at Symantec notes that: “The emails announce that thousands of rupees have been deducted from the recipient’s bank account as a tax payment. The email also contains an attached file that masquerades as a receipt for the payment. The alleged receipt… contains information stealing malware that Symantec detects as the Infostealer.Donx Trojan. The malware logs keystrokes, titles of open windows, and the operating system version, then sends that information back to an attacker command-and-control (C&C) server.”
The full blog post is available here: http://www.symantec.com/connect/blogs/scammers-impersonate-indias-income-tax-department-deliver-malware