Scams Using Remote Access Malware to Phish US Taxpayers

Accountants are gathering clients’ tax records to complete tax returns as the United States comes to the end of its annual tax season.
This gives threat actors an opening to target taxpayers in the hope that they will open infected files they would ordinarily be more cautious about when they are less busy.
Microsoft has been issuing alerts about phishing attacks that prey on taxpayers and accounting firms and use remote access malware to give threat actors initial access to business networks. The alerts come as the deadline for filing US taxes approaches, and the company says in its most recent report that it has noticed a resurgence of phishing attacks targeting taxpayers and tax companies to spread the Remcos Remote Access Trojan (RAT), which was first discovered in February, to infect corporate networks.
The phishing attempt begins with emails that appear to be from clients who have submitted the necessary papers to finish the tax return. A phishing email that Microsoft came across reads: “I am sorry for not replying sooner; our individual tax return should be straightforward and not take up much of your time.
I believe you would need a copy of our most recent year’s documents, which I have uploaded below, including W-2s, 1099s, interests, mortgages, donations, HSAs, medical investments, and more.”

The ZIP bundle contains a variety of files that pose as PDF files for several tax forms but are actually Windows shortcuts.

Microsoft says that the VBS program will download and run the GuLoader malware, which will set up the Remcos Remote Access Trojan. Threat actors frequently employ the Remcos Remote Access Trojan to obtain initial access in phishing attempts.
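A defender-side check for the ZIP attachment described above, as an added example that is not from Microsoft's report or from this article: it lists archive entries that are Windows shortcuts, by `.lnk` name or by Shell Link header, and notes when a document extension such as `.pdf` sits in front. The function names, the extension list and the sample archive are assumptions constructed for the illustration.

```python
import io
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x4C, then CLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
DOC_HINTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")  # assumed list of lure extensions


def find_disguised_shortcuts(zip_bytes):
    """Return (entry name, reason) for shortcut files found in a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            name = info.filename.lower()
            if info.flag_bits & 0x1:  # encrypted entry: only the name is readable
                head = b""
            else:
                with archive.open(info) as member:
                    head = member.read(len(LNK_MAGIC))
            is_lnk_content = head == LNK_MAGIC
            is_lnk_name = name.endswith(".lnk")
            if not (is_lnk_content or is_lnk_name):
                continue
            # Explorer hides the .lnk extension, so "form.pdf.lnk" displays as "form.pdf".
            stem = name[:-4] if is_lnk_name else name
            if stem.endswith(DOC_HINTS):
                reason = "document extension hides a shortcut"
            elif is_lnk_content and not is_lnk_name:
                reason = "shortcut content under a non-.lnk name"
            else:
                reason = "shortcut inside archive"
            findings.append((info.filename, reason))
    return findings


def build_sample_zip():
    """Constructed sample: a PDF, a shortcut header named like a PDF, a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("2022_W2.pdf", b"%PDF-1.7\n% constructed sample\n")
        archive.writestr("2022_1099.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        archive.writestr("notes.txt", b"constructed sample text")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in find_disguised_shortcuts(build_sample_zip()):
        print(f"{entry}: {reason}")
```

A mail gateway or triage script can run this on attachments before delivery; for password-protected archives it falls back to the entry names alone.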
