1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Watch out those IRS tax forms could actually just be malware

    From TechnologyDaily@1337:1/100 to All on Mon Mar 27 14:15:03 2023
    Watch out those IRS tax forms could actually just be malware

    Date:
    Mon, 27 Mar 2023 13:06:00 +0000

    Description:
    Two new malicious campaigns recently spotted impersonating IRS tax forms.

    FULL STORY ======================================================================

    The tax season in the United States is nearly upon us once again, which can only mean one thing - hackers will be impersonating the Internal Revenue Service (IRS) in an attempt to steal money and sensitive information from businesses of all shapes and sizes.

    Cybersecurity researchers from two companies - Palo Alto Networks and Malwarebytes have discovered two malicious phishing campaigns doing just
    that, but having somewhat different approaches.

    In one campaign, the attackers would impersonate the IRS and share a fake W-9 tax form via email. The fax form is actually the Emotet malware , capable of stealing sensitive data from the infected endpoints and using it to further distribute itself. Emotet can also serve as a dropper, allowing the threat actors to distribute different types of malware, ransomware included. Word
    and OneNote files

    In this campaign, the attackers would send a malware-laden Word document, inflated to 500MB+ in order to avoid triggering the antivirus programs. However, given that Microsoft blocked macros from internet-downloaded Office files, chances are this campaign wont be that successful.

    The second campaign is different in the fact that instead of Word files,
    these attackers are distributing OneNote files with malicious add-ons. Read more

    Microsoft OneNote is being fixed after surge in malware


    Microsoft OneNote is still being used to flood devices with malware


    Check out the best personal finance software right now

    These are yet to be fully blocked when downloaded from the internet, so the success rate will probably be somewhat higher. In this campaign, the
    attackers would share a NoteBook (a OneNote file) thats protected (seems to
    be blurred out) and requiring the user to click Unlock or View or a similar call to action. However, what they would really be doing is triggering the add-on, which would download the Emotet malware.

    The second major difference is that these files wouldnt come from the fake
    IRS but rather fake partners, clients, or businesses the victims otherwise engage with.

    Usually, tax forms are distributed as a .PDF file, and not as a .DOCX file, which is probably the best way to spot a cyberattack. Furthermore, OneNote is not exactly the most popular productivity tool out there, so getting a NoteBook file should be a red flag right from the start. Here are the best ID theft protection tools today

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/watch-out-those-irs-tax-forms-could-actually-ju st-be-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)