Here is an important alert for all taxpayers: the malware dubbed Drinik has returned. Cyble Research & Intelligence Labs (CRIL) recently identified an upgraded version of Drinik that impersonates the Income-Tax Department of India and targets 18 banks, including the State Bank of India (SBI), according to a blog post by Cyble. Drinik has been targeting the banking industry since 2016. It originally operated as an SMS stealer but has now evolved into an Android trojan. The evolved malware can record the screen to harvest credentials, log keystrokes, abuse the call screening service to manage incoming calls, and receive commands via Firebase Cloud Messaging.
According to the information provided by Cyble, the malware variant communicates with a Command & Control (C&C) server, hxxp://gia[.]3utilities.com, which is hosted on IP 198[.]12.107[.]13. The third and latest version loads the genuine income tax department site and uses screen recording along with keylogging functionality to steal the login credentials. This latest version of the Drinik malware comes in the form of an APK named iAssist.
iAssist is the official tax management tool of India's tax department. Once installed on a device, the APK asks for permission to read, receive and send SMS, in addition to reading the user's call log. It also requests permission to read and write to external storage. Initially, it takes the user to the official Indian income tax site and displays a fake dialogue box to steal the user's account details. The malware then tries to trap the user by showing an instant tax refund and eventually takes them to the phishing site.
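The permission set and call-screening abuse described above can be checked during APK triage. The following is an added example, not code from Cyble or from this article: it assumes the manifest has already been decoded to text XML (for instance with apktool), and the two sample manifests and their package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions the article reports the fake iAssist APK requesting.
REPORTED = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
# A service guarded by this permission is a CallScreeningService implementation.
SCREENING = "android.permission.BIND_SCREENING_SERVICE"


def triage_manifest(xml_text):
    """Compare a decoded AndroidManifest.xml with the reported behaviour."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    requested.discard(None)  # tolerate malformed entries without a name
    screening = [s.get(ANDROID_NS + "name") for s in root.iter("service")
                 if s.get(ANDROID_NS + "permission") == SCREENING]
    return {
        "package": root.get("package"),
        "matched": sorted(REPORTED & requested),
        "missing": sorted(REPORTED - requested),
        "call_screening_services": screening,
        "full_match": REPORTED <= requested,
    }


def _manifest(package, permissions, services=""):
    """Build a constructed sample manifest (hypothetical helper)."""
    perms = "".join(f'<uses-permission android:name="{p}"/>' for p in permissions)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{perms}<application>{services}</application></manifest>')


# Constructed samples: one requesting everything the article lists, one benign.
SUSPECT = _manifest(
    "com.example.constructed.taxapp", sorted(REPORTED),
    f'<service android:name=".CallGuard" android:permission="{SCREENING}"/>')
BENIGN = _manifest(
    "com.example.constructed.notes",
    ["android.permission.INTERNET", "android.permission.READ_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

A full match is a triage signal for closer inspection, not proof of infection, since legitimate apps can request the same permissions.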
Howeve