[Global] New cybercrime campaigns use tax filing scams to deliver malware

01 Apr 2026

Security experts are warning that cybercriminals are exploiting global tax seasons, using IRS and tax filing lures to deliver malware, remote monitoring and management (RMM) tools, and credential phishing in a wave of new campaigns this year, gbhackers reports.

Threat actors take advantage of the urgency around tax filings, knowing that users expect emails from tax agencies, HR departments, banks, payroll providers, and tax platforms.

Security researchers have reportedly tracked more than a hundred tax-themed operations across the globe already this year. According to gbhackers, there has been a perceptible increase in the use of legitimate RMM software as a stealthy access vector.

Commonly used lures to be aware of include fake IRS notifications, expiry warnings for tax documents, alleged tax violations, and requests for support with filings or refunds.

Though many campaigns focus on US taxpayers with IRS‑branded emails, recent activity also targeted users in Canada, Australia, Switzerland, Japan, and other regions with localised tax brands and languages.

Proofpoint revealed that tax-themed campaigns deliver RMMs including Datto, N-Able, RemotePC, Zoho Assist, and ScreenConnect, among others. 

Their payloads reportedly span commodity malware, RMM agents, information stealers, and pure credential harvesting pages tied to financial and investment services. Depending on the threat actor’s goals, email volumes can reportedly range from highly targeted spear‑phishing waves to bulk mailshots of tens of thousands of messages.



Source: gbhackers

(Links via original reporting)
