Alert! Cybercriminals Leverage Tax-Related Themes to Drop Malware

The latest attack campaign

• The group uses valid employee W-2 tax documents, I-9 forms, and real estate purchase contracts to trick users into downloading malware onto their systems.
• The attack typically starts with emails that contain password-protected files with tax-related names like TitleContractDocs.zip or JRCLIENTCOPY3122.zip.
• Within the zip file is a single image file that further causes the execution of malware in secondary stages. 
• The malware enables hackers to gain access to victims’ systems and capture clipboard data and track keystrokes.

Why is tax season popular among cyber actors?

• The time-sensitive nature of tax season appeals to threat actors as they can leverage the tax filing deadline to put pressure on individuals, which increases the likelihood of falling victim to these scams.
• Moreover, the large amount of personal and financial information that is filed during the tax returns is valuable for attackers as it can be used for identity theft, tax fraud, or other fraudulent activities.

Emotet also makes its way into the tax scam

• Last week, the operators behind the notorious Emotet trojan were also found using tax-related lures against taxpayers. 
• In the campaign, the attackers impersonated an inspector from the IRS and sent malicious emails titled IRS Tax Forms W-9.

How to stay safe?