Cybersecurity firm warns of new threat to tax pros | #emailsecurity | #phishing | #ransomware

As tax season comes to a close, researchers at a cybersecurity company are seeing a new type of phishing attack embedded within documents sent via email to tax professionals.

Researchers at Abnormal Security reported Wednesday they have detected cybercriminals posing as potential tax clients and targeting tax professionals ahead of April’s deadline. Once they make contact, the hackers deliver a version of the remote-access tool Sorillus disguised as tax documents via email.

Sorillus is a commercial remote access tool, or RAT, that offers obfuscation and encryption features. The tool is able to collect confidential information including a hardware ID, username, country, language, webcam, headless, operating system and client version from targets.

“Between Feb. 24, 2022, and March 4, 2022, we identified more than 130 emails from threat actors posing as potential clients,” wrote Abnormal Security threat researcher Belem Regalado and threat intelligence analyst Rachelle Chouinard in a blog post Wednesday. “The emails claimed the sender was attempting to locate a CPA ahead of April’s deadline and obtain individual or business tax filing services for this year. However, each email delivered not the promised tax documents but instead an obfuscated version of the remote access tool (RAT) Sorillus.”

After the initial contact, the hackers sent follow-up messages containing a file share link to the Sorillus remote access tool hidden beneath the text, pretending to be a simple PDF file attachment. In reality, the file was a ZIP-compressed archive containing a JAR (Java archive) executable file.

The emails came from 10 different addresses but had similar subject lines such as “dawn.simpson Return Service 2021.”


The company is urging tax professionals to avoid opening any attachments or links in emails sent from new or prospective clients until they, or a member of their staff, has spoken with the client directly, or to upgrade your email security.

The Internal Revenue Service has also been urging tax professionals to beware of tax season phishing and related spearphishing scams. In February, the IRS warned about a phishing scheme that aimed to steal their tax prep software credentials (see story).

Original Source link

Leave a Reply

Your email address will not be published.

25 + = twenty nine