Threat actors are not done targeting taxpayers this year. As people in some countries prepare to file their tax returns, attackers have launched a new phishing campaign that tries to infect victims’ machines with Remote Access Trojans.
Bitdefender Antispam Lab described a new malspam campaign that reached tens of thousands of users at the beginning of May.
Ninety-eight percent of the attacks have originated from IP addresses in Bangladesh. Attackers focus their efforts mostly on South Asia, as 76.08% of targeted users reside in South Korea. Australia comes next with 17%, followed by the US with 1%.
The focus on South Korean individuals is explained by the fact that the deadline for filing individual income tax returns in South Korea is May 31. According to the researchers, the cybercriminals either failed to do a good job or put little effort into creating legitimate-looking emails. They didn’t make an effort to create a sense of urgency for recipients either.
Victims received scam emails with the subject line “Account Ledger for 2020-2021” and text that encourages recipients to “verify the attachment.” Upon opening the attachment, victims deployed malicious software that ultimately allowed the attackers to gain root privileges on the target machine. Attackers gained a range of capabilities, including user behavior monitoring, access to confidential or sensitive information, and screenshot capture.
Researchers also note that the operators of this campaign can use the malware to download other malware tools such as ransomware.
Researchers say the RAT is particularly dangerous because, if it is paired with a keylogger, the attackers can gain financial and personally identifiable information and later use it for fraud and identity theft. And by deploying ransomware, the threat actors can encrypt machines and demand a ransom in exchange for a decryption key.
Researchers observed threat actors launching campaigns against mostly social, political, and economic targets. They tailored their attacks to suit various scenarios.
“They play a never-ending game of cat and mouse with their targets. While many users have become savvy at spotting phishing emails, the simplicity and most likely familiarity of such correspondence may prove highly profitable for cybercriminals,” Bitdefender researchers conclude.