Threat actors leverage tax season to deploy tax-themed phishing campaigns
Essential information
- Published
- 03/04/2025 17:19
- Modified
- 03/04/2025 19:05
- Tags
- 2025-04-03 ahkbot bruteratel c4 credential-theft guloader latrodectus malware phishing qr codes redirection remcos remote access trojans social engineering tax season
- Related entities
- 1 intrusion sets (apt), 15 techniques (mitre), 5 malware, 5 others
Description
Microsoft has observed several phishing campaigns using tax-related themes to steal credentials and deploy malware as Tax Day approaches in the United States. These campaigns use redirection methods like URL shorteners and QR codes in malicious attachments, and abuse legitimate services to avoid detection. They lead to phishing pages delivered via RaccoonO365 platform, remote access trojans like Remcos, and other malware such as Latrodectus, BruteRatel C4, AHKBot, and GuLoader. The campaigns target various sectors including engineering, IT, consulting, and accounting firms. Threat actors use social engineering techniques to mislead taxpayers into revealing sensitive information, making payments to fake services, or installing malicious payloads. Microsoft provides detailed mitigation and protection guidance to help users and organizations defend against these tax-centric threats.