Indian Income Tax-Themed Phishing Campaign Targets Local Businesses

Dec. 23, 2025, 9:40 a.m.

Description

A sophisticated phishing campaign impersonating the Indian Income Tax Department has been targeting local businesses. The attack begins with a spear-phishing email containing a PDF attachment that directs victims to a fake compliance portal. This triggers the download of a malicious ZIP file, which initiates a multi-stage infection chain. The payload, delivered through NSIS installers, deploys a Remote Access Trojan (RAT) with persistence capabilities. The malware harvests system information and establishes communication with command and control servers. Technical indicators suggest a China-linked development environment. This campaign demonstrates how seemingly simple tax-themed phishing can lead to complete device compromise, emphasizing the need for heightened security awareness.

External References

https://www.seqrite.com/blog/indian-income-tax-themed-phishing-campaign-targets-local-businesses/
https://otx.alienvault.com/pulse/69497ab3f381b44007add888
Tags
rat
phishing
india
nsis installer
remote access trojan
data harvesting
china-linked
2025-12-22
income tax

Date

  • Created: Dec. 22, 2025, 5:06 p.m.
  • Published: Dec. 22, 2025, 5:06 p.m.
  • Modified: Dec. 23, 2025, 9:40 a.m.

Indicators

  • 154.91.84.3
  • www.akjys.top
  • https://www.akjys.top/
Download all indicators here!

Attack Patterns

  • Remote Access Trojan

Additional Informations

  • Finance
  • Government
  • India