Cybereason Discovers New Tax Scams
Cybereason, a provider of future-ready attack protection, this week announced the discovery of a new campaign targeting U.S. taxpayers with documents that purport to contain tax-related content, but ultimately deliver NetWire and Remcos malware – two prolific remote access trojans (RATs) which allows attackers to take control of victims’ machines through a new phishing email scheme. The scam could result in steep financial losses for taxpayers. Last year alone, the IRS identified more than $2.3 billion in tax fraud schemes.
The new infection process is designed to evade antivirus tools and tricks targets into installing the malware via a tax-themed Word document containing a malicious macro that downloads an OpenVPN client on the targeted machine. The malware dropper establishes a connection to the legitimate cloud service “imgur” and downloads the NetWire or Remcos payloads by way of a technique called steganography, where the malicious code is hidden within an innocuous looking jpeg image file.