Home Tech Watch out — those IRS tax forms could actually just be malware

Watch out — those IRS tax forms could actually just be malware

by pfuwi
0 comment

The tax season in the United States is nearly upon us once again, which can only mean one thing – hackers will be impersonating the Internal Revenue Service (IRS) in an attempt to steal money and sensitive information from businesses of all shapes and sizes.

Cybersecurity researchers from two companies – Palo Alto Networks and Malwarebytes have discovered two malicious phishing campaigns doing just that, but having somewhat different approaches. 

In one campaign, the attackers would impersonate the IRS and share a fake W-9 tax form via email. The fax form is actually the Emotet malware, capable of stealing sensitive data from the infected endpoints and using it to further distribute itself. Emotet can also serve as a dropper, allowing the threat actors to distribute different types of malware, ransomware included. 

Word and OneNote files

In this campaign, the attackers would send a malware-laden Word document, inflated to 500MB+ in order to avoid triggering the antivirus programs. However, given that Microsoft blocked macros from internet-downloaded Office files, chances are this campaign won’t be that successful. 

The second campaign is different in the fact that instead of Word files, these attackers are distributing OneNote files with malicious add-ons. 

These are yet to be fully blocked when downloaded from the internet, so the success rate will probably be somewhat higher. In this campaign, the attackers would share a NoteBook (a OneNote file) that’s “protected” (seems to be blurred out) and requiring the user to click “Unlock” or “View” or a similar call to action. However, what they would really be doing is triggering the add-on, which would download the Emotet malware.

The second major difference is that these files wouldn’t come from the fake IRS but rather fake partners, clients, or businesses the victims otherwise engage with. 

Usually, tax forms are distributed as a .PDF file, and not as a .DOCX file, which is probably the best way to spot a cyberattack. Furthermore, OneNote is not exactly the most popular productivity tool out there, so getting a NoteBook file should be a red flag right from the start.

Via: BleepingComputer

You may also like

Leave a Comment

Our Company

newswebby is where tomorrow is realized. it is the essential source of information and ideas that make sense of a world in constant transformation. the newswebby conversation illuminates how technology is changing every aspect of our lives—from culture to business, science to design. the breakthroughs and innovations that we uncover lead to new ways of thinking, new connections, and new industries.


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Laest News

© 2023  – All Right Reserved. Newswebby