Cybercriminals exploit India’s tax filing season with a dual-malware campaign

Summary

Cybercriminals in India are targeting individuals during tax filing season with a sophisticated phishing campaign. This operation uses fake tax department emails to trick victims into downloading seemingly official ITR utilities, which in reality deploy two distinct remote access trojans (RATs) through a multi-stage infection chain.

IFF Assessment

FOE

This article details a new malware campaign exploiting a specific event to deliver multiple RATs, posing a significant threat to individuals and organizations.

Defender Context

Defenders should be aware of campaigns targeting seasonal events like tax filing, as these periods often see an increase in targeted phishing and social engineering. The use of dual RATs and advanced evasion techniques, including DLL side-loading and in-memory execution, requires robust endpoint detection and response (EDR) capabilities and vigilant user awareness training.

Read Full Story →