A serious phishing campaign that targets US taxpayers has been discovered in the run up to the April 15 tax filing deadline.
Attack protection specialists Cybereason has released details of its core threats in a new report warning that individuals are being sent documents that purport to contain tax-related content.
However, they also deliver NetWire and Remcos malware and allow cybercriminals to take control of a victim’s machine.
- Take a look at the best accounting software
- The best tax software around today
- Check out the best malware removal software
NetWire and Remcos are regularly cited as two of the most prolific remote access Trojans (RATs). Worse still, the latest phishing campaign has been carefully engineered to evade antivirus software tools. Recipients of a tax-themed Word Document are duped into opening it, which contains a malicious macro that subsequently downloads an OpenVPN client on the users computer.
Malware threats
Once this has happened the malware dropper makes a connection to the legitimate cloud service ‘imgur’ and downloads the NetWire or Remcos malware. Cybereason has discovered that the process is carried out using a technique called steganography, whereby malicious code is hidden inside a seemingly innocuous Jpeg file.
The activity has the potential to affect a lot of unsuspecting tax filers. According to the IRS, nearly 170 million tax returns were filed in the US in 2020. Of those, nearly 153 million were filed electronically. And last year along the IRS identified more than $2.3 billion in tax fraud schemes.
Therefore, tax filers are being encouraged to follow the usual practices when filing their 2021 returns. This includes resisting the temptation to click on links or open attachments in suspicious emails. Anyone filing a tax return in the US should also bear in mind that the IRS will never initially contact taxpayers using email, text or social media asking for personal or financial details.
“Social engineering via phishing emails continues to be the preferred infection method among both cybercriminals and nation-state threat actors. The potential for damage is serious and the malware allows threat actors to gain full control over a victim’s machine and steal sensitive information from users or their employers. In this research, we demonstrate how the attackers are leveraging the U.S. tax season to infect targets at will,” said Assaf Dahan, senior director and head of threat research at Cybereason.
“The use of various techniques such as steganography, storing payloads on legitimate cloud-based services, and exploiting DLL sideloading against a legitimate software makes these campaigns very difficult to detect. The sensitive information collected from the victims can be sold in the underground communities and used to carry out all manner of identity theft and financial fraud,” added Dahan.
- We've also highlighted the best mobile credit card processors
