INFORMATION STATEMENT
National Information Technologies JSC (NITEC) informs that a fake notification from scammers with a link to a phishing website is being sent to the e-mails of legal entities. When opening such a website, a malicious software is downloaded.
The notification is sent in PDF format under the guise of a false notification from the State Revenue Committee (SRC) of the Ministry of Finance of the Republic of Kazakhstan. The title of the message reads "A warning about the elimination of violations in debt collection to the budget, at the expense of money held in bank accounts."
The PDF itself contains links leading to malicious JAR files named using NCALayer. The user is persistently invited to view the software, which is available via a separate link "sewn" in the file. This link contains a phishing website which, when opened, downloads and launches malicious software under the guise of an update for NCALayer.
Downloading such a malicious file provides scammers with the opportunity to install a dangerous virus on a computer and gain remote access to the user's device. Scammers can steal data and manipulate user devices remotely.
It should be noted that the information systems of the SRC send notifications only to the taxpayer's account, the personal account of the eGov.kz portal and the e-Salyq mobile application.
NITEC strongly advises users to check sources of information and not to click on suspicious links. It should be reminded that the official website for NCALayer download is www.pki.gov.kz. Downloading NCALayer from any other website involves the risk of data loss.