As if tax season wasn’t painful enough. Now spammers are targeting US tax filers with malware email attachments that can infect systems with a single click. The warning comes as the April 18 deadline for filing closes in fast.
According to Threatpost, the attackers are sending email attachments known as Java-based remote access trojans, or “jRATs”. They’re designed to look enticing with names like “IRS Updates.jar” and “Important_PDF.jar”.
One click on those attachments can grant an attacker access to personal or corporate systems.
It follows a trend whereby attackers send messages based around current events or topics. Tax time is especially ripe because it involves everyone, including millions of non-tech-savvy users. Residents filing taxes at the last minute are probably also under more stress, and are more likely to impulsively click an official-looking attachment.
What the New Trojans Do
Sameer Patil, a security researcher for Zscaler which is tracking the new trojans, described what happens to infected systems.
“The jRAT payload is capable of receiving commands from a C2 server, downloading and executing arbitrary payloads on the victim’s machine. It also has the ability to spy on the victim by silently activating the camera and taking pictures.”
He added that the jRAT he’d examined also obfuscated its code, making it hard for investigators to study it. The initial attachment is a “dropper” and decrypter for the actual payload file. The initial attachment checks for antivirus software and then downloads the payload.
The malware then communicates with the C2 server via an encrypted configuration file. Once granted access, attackers could potentially download more malware to the infected host.
US Residents Always Vulnerable to Tax and Other Scams
Long-suffering US residents already endure an onslaught of tax-related scams every year. Even non-computer users face IRS impersonators over the phone, and some attackers even target deaf users via video relay services (VRS). Senior citizens are also particularly vulnerable.
The IRS has reported a recent surge in email phishing scams and malware attachments. They may also come via text message on phones. The taxation agency warned people to be wary of any unsolicited messages that appeared to be from it.
The IRS also says it never asks for immediate payments over debit card or wire transfers and does not threaten to immediately bring in law enforcement over payments due.
And as always, it’s best practice to never click on email attachments unless you can confirm they’re genuine. If unsure, the IRS recommends contacting them by telephone to check.
Unfortunately, unless people are extra-vigilant 100 percent of the time, they will remain vulnerable to these kinds of scams. As communications and payment methods become more sophisticated, so will those who target their users.
Have you ever been scammed, or suffered an attempted tax scam? Tell us about it in the comments.
Images via IRS, Pixabay