
Tax-Themed Phishing Attacks Proliferate During Tax Filing Season

Cybercriminals have always used the tax season to target victims with a range of phishing and malware assaults, and this year is no exception. Here’s a roundup of the latest phishing and malware attacks around tax-related themes.

Remcos RAT targets tax return preparation firms
Microsoft uncovered a Remcos RAT campaign that targeted organizations dealing with tax preparation, financial services, CPA, bookkeeping, and accounting.
  • As part of the campaign, the attackers relied on legitimate links that redirected recipients to fake tax documents purporting to come from clients.
  • The infection chain also relied on MSI files, VBS files containing PowerShell commands, and, in some cases, the GuLoader malware downloader to drop the Remcos RAT on victims’ systems.

ATO phishing attack harvests users’ login credentials
  • Researchers at the Cofense Defense Center tracked a phishing email campaign that pilfered login credentials from Australians.
  • The email body included legitimate Australian government logos and branding to trick unsuspecting users into clicking on the phishing link. 
  • The link redirected users to a phishing page mimicking the MyGov login page for the Australian Tax Office (ATO).

GuLoader uses tax themes to target financial services
  • A malware loader named GuLoader was found targeting financial institutions in the U.S.
  • The phishing email contained a shared link to Adobe Acrobat, which in turn enabled the download of a password-protected ZIP archive.
  • The ZIP archive contained a decoy image and a shortcut file disguised as a PDF that executed the malware loader.
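
As an added example (not from the original article or the researchers it cites), here is a mail-gateway style check for the archive layout described above: a ZIP with encrypted entries that contains a Windows shortcut with a document-like double extension. The file names, the double-extension heuristic and the verdict labels are assumptions, and the sample archive is constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

SHORTCUT_EXTS = {".lnk"}                                    # Windows shortcut files
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}  # assumed lure types
ENCRYPTED_FLAG = 0x1                                        # ZIP general-purpose bit 0


def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP's central directory; no password or extraction needed."""
    result = {"encrypted": False, "shortcuts": [], "disguised": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED_FLAG:
                result["encrypted"] = True
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if suffixes and suffixes[-1] in SHORTCUT_EXTS:
                result["shortcuts"].append(info.filename)
                # "name.pdf.lnk": Explorer hides ".lnk", so the user sees "name.pdf"
                if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXTS:
                    result["disguised"].append(info.filename)
    # Assumed policy: a shortcut inside an encrypted archive is quarantined.
    if result["shortcuts"] and result["encrypted"]:
        result["verdict"] = "quarantine"
    elif result["shortcuts"]:
        result["verdict"] = "review"
    else:
        result["verdict"] = "pass"
    return result


def build_sample(names, encrypted=False) -> bytes:
    """Constructed test archive. zipfile cannot write encrypted entries, so the
    encryption bit is set directly in each central-directory header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(zipfile.ZipInfo(name), b"placeholder")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")
    while encrypted and pos != -1:
        raw[pos + 8] |= ENCRYPTED_FLAG      # flag field sits at offset 8
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    lure = build_sample(["photo.jpg", "Tax_Documents.pdf.lnk"], encrypted=True)
    print(triage_zip(lure))
```

Entry names and the encryption flag are readable without the password in a traditionally encrypted ZIP, which is why this check works on attachments a scanner cannot open.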

In other notable tax-themed phishing attacks, scammers used phishing emails purporting to be from the IRS to deliver the Emotet trojan onto victims’ systems. A hacker group tracked as TACTICAL#OCTOPUS relied on valid employee W-2 tax documents, I-9 forms, and real estate purchase contracts to download malware onto victims’ systems.

Stay safe
The IRS issued an advisory urging taxpayers to be wary of new tax-related scams. The agency added that it never asks users for personal details over email or phone, and it recommended using strong passwords and forwarding suspicious emails to the IRS to stay safe from phishing attacks.
Cyware Publisher
