IRS Phishing Emails Used to Distribute Emotet

Security experts have warned US taxpayers not to fall for a new phishing campaign using the IRS as a lure to install notorious Trojan Emotet on their machines.

Scammers have long used tax filing season as an opportunity to trick consumers, and the latest attempt spotted by Malwarebytes is no different.

The phishing emails in question contain the subject “IRS Tax Forms W-9” and a spoofed sender address of “IRS Online Center.”

The short message contained in the body of the email is riddled with typos. A 709KB “W-9” attachment contains a 548MB Word doc titled “W-9 form.doc.”

Malwarebytes malware intelligence analyst Chris Boyd said the size marks it out as suspicious.

“You won’t find many genuine Word documents weighing in at 500MB or more. In fact, a file size of 500MB is a potential indicator that Emotet is lurking in the background,” he explained.

“Malware authors are artificially pumping up the size of the document in order to try and fool or break security tools. This is because the large file size may prove too difficult for the tools to get a handle on and properly analyze.”

The scammers will then try to persuade the recipient to enable macros to initiate the Emotet download.
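As an added example (not code from Malwarebytes or the article), the following Python check turns Boyd's file-size indicator into a triage rule: it reads the ZIP central directory of an attachment and flags Office entries whose declared size or compression ratio is implausible for a real document, without ever inflating them on the scanning host. The thresholds and the sample archive are constructed assumptions for this example.

```python
import io
import zipfile

# A real Word document rarely reaches hundreds of MB, and a ~700KB archive that
# inflates to ~550MB (roughly 780:1) is a strong sign of deliberate padding.
# Both thresholds below are assumptions chosen for this example.
OFFICE_EXTS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")
DEFAULT_MAX_OFFICE_BYTES = 100 * 1024 * 1024  # flag "documents" above 100 MB
DEFAULT_MAX_RATIO = 50.0                      # uncompressed/compressed considered abnormal


def inspect_archive(data: bytes, max_office_bytes: int = DEFAULT_MAX_OFFICE_BYTES,
                    max_ratio: float = DEFAULT_MAX_RATIO) -> list:
    """Return one finding per Office entry that looks padded.

    Sizes come from the ZIP central directory, so a multi-GB entry costs
    nothing to assess and is never decompressed by this check."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(OFFICE_EXTS):
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            reasons = []
            if info.file_size > max_office_bytes:
                reasons.append(f"uncompressed size {info.file_size} > {max_office_bytes}")
            if ratio > max_ratio:
                reasons.append(f"compression ratio {ratio:.0f}:1 > {max_ratio:.0f}:1")
            if reasons:
                findings.append({"name": info.filename, "ratio": ratio, "reasons": reasons})
    return findings


def make_padded_sample(pad_bytes: int) -> bytes:
    """Constructed sample: a tiny 'document' followed by zero padding, zipped.
    Zero bytes deflate extremely well, mimicking the 709KB -> 548MB case."""
    body = b"fake W-9 body" + b"\x00" * pad_bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("W-9 form.doc", body)
        zf.writestr("readme.txt", b"nothing suspicious here")
    return buf.getvalue()


if __name__ == "__main__":
    # 2 MB of padding with a 1 MB size limit triggers both rules.
    for f in inspect_archive(make_padded_sample(2 * 1024 * 1024), max_office_bytes=1024 * 1024):
        print(f["name"], "->", "; ".join(f["reasons"]))
```

In a mail gateway this check belongs before any sandbox detonation, since the padded document is exactly the input that exhausts analysis time or memory.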

“Emotet has been around since 2014. Originally created as a banking Trojan, later versions added malware delivery and spam services,” Boyd explained. “Mostly featuring in email spam campaigns, a big focus of fake mails helping to deliver the infection include subjects like parcel shipping, invoices and other forms of payment.”

Emotet was recently highlighted by Malwarebytes as one of the top five biggest threats to businesses this year. Despite the botnet’s infrastructure being severely disrupted by law enforcement in January 2021, it subsequently resurfaced and remains a popular tool for cyber-criminals.

Boyd said US taxpayers should file early and beware of suspicious refunds, fake banking portals and emails pressuring them into filing refunds.
