Email security, Vulnerability Management, Malware

US accounting firms warned of new phishing campaign

Share

BleepingComputer reports that accounting and tax return preparation firms and individuals across the U.S. have been warned by Microsoft regarding an ongoing phishing campaign involving the distribution of the Remcos remote access trojan malware since February in an attempt to exploit the imminent end of the annual tax season. Phishing emails purporting to be from clients sending necessary files for tax returns are being delivered to tax preparers, with the messages containing links that bypass security systems and redirect to a file hosting site that facilitates the download of a ZIP archive, according to a Microsoft report. Double-clicking Windows shortcuts masquerading as tax form PDFs within the ZIP archive would prompt PowerShell execution and VBS script download and execution. Such VBS files then facilitate GuLoader malware download and execution, which will be followed by the installation of Remcos RAT, which has data exfiltration and other malware deployment capabilities. "While social engineering lures like this one are common around Tax Day and other big topic current events, these campaigns are specific and targeted in a way that is uncommon," Microsoft said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.