Microsoft is warning of a new Remcos remote access trojan (RAT) campaign targeting accounting and tax return preparation firms and other professional services firms in the United States ahead of Tax Day 2023. Remcos was released in 2016 as a legitimate tool but has since been used in numerous malicious attacks, including mass campaigns during the COVID-19 pandemic. Once installed on a victim’s system, Remcos gives attackers remote access to the system, allowing them to execute commands and code, view running processes, steal passwords, take screenshots, and spy on victims using the webcam and microphone.
Cybercriminals are using lures posing as tax documentation sent by a client. When clicked, a lure redirects the victim to malicious files hosted on a legitimate file hosting site. These malicious files ultimately lead to the installation of the Remcos RAT on the victim’s system. The infection chain relies on MSI files, VBScript files containing PowerShell commands, and, in some cases, the GuLoader malware downloader.
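One way to hunt for the MSI, VBScript and PowerShell stages named above, as an added example that is not from the original article or from Microsoft: the Python code below flags PowerShell processes that descend from a VBScript host started under the Windows Installer. It assumes the stages appear as parent and child processes; the event field names and the sample events are constructed.

```python
# Added example: flag PowerShell that descends from a script host started under msiexec.
# Assumption: the MSI -> VBScript -> PowerShell stages show up as parent/child processes.
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows hosts that run VBScript
POWERSHELL = {"powershell.exe", "pwsh.exe"}
INSTALLER = "msiexec.exe"                        # Windows Installer, runs MSI files

# Constructed process-creation events; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Windows\System32\msiexec.exe"},
    {"pid": 320, "ppid": 210, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 430, "ppid": 320, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 600, "ppid": 210, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 610, "ppid": 600, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

def basename(image):
    return PureWindowsPath(image).name.lower()

def ancestors(pid, by_pid):
    """Yield parent, grandparent, ... and stop on unknown parents or PID cycles."""
    seen = {pid}
    cur = by_pid.get(by_pid[pid]["ppid"])
    while cur and cur["pid"] not in seen:
        seen.add(cur["pid"])
        yield cur
        cur = by_pid.get(cur["ppid"])

def find_chains(events):
    """Return (pid, lineage) for each PowerShell process under a script host under msiexec."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["image"]) not in POWERSHELL:
            continue
        lineage = [basename(a["image"]) for a in ancestors(e["pid"], by_pid)]
        host = next((i for i, n in enumerate(lineage) if n in SCRIPT_HOSTS), None)
        # The script host must sit between PowerShell and the installer.
        if host is not None and INSTALLER in lineage[host + 1:]:
            hits.append((e["pid"], lineage))
    return hits

if __name__ == "__main__":
    for pid, lineage in find_chains(SAMPLE_EVENTS):
        print(pid, " <- ".join(lineage))
```

Legitimate installers can produce the same lineage, so hits are triage leads to review alongside the command line and the file's origin.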
Microsoft warns that successful delivery of a Remcos payload could provide an attacker with the opportunity to take control of the target device to steal information and/or move laterally through the target network. It is therefore important for organizations to remain vigilant when it comes to handling tax documentation, and to ensure that the necessary security measures are in place to protect against malicious threats.
In summary, Microsoft has warned of a new Remcos RAT campaign targeting accounting and tax return preparation firms in the US ahead of Tax Day. The malicious tool provides attackers with remote access to Windows systems, allowing them to execute commands, view running processes, steal passwords, and spy on victims. Cybercriminals are sending lures posing as tax documentation that, when clicked, redirect the victim to malicious files leading to the installation of the Remcos RAT. Organizations should remain vigilant when it comes to handling tax documentation and ensure that the necessary security measures are in place.
Key points:
- Microsoft is warning of a new Remcos RAT campaign targeting accounting and tax return preparation firms in the US ahead of Tax Day.
- Remcos provides attackers with remote access to Windows systems, allowing them to execute commands, view running processes, steal passwords, and spy on victims.
- Cybercriminals are sending lures posing as tax documentation that, when clicked, redirect the victim to malicious files leading to the installation of the Remcos RAT.
- Organizations should remain vigilant when it comes to handling tax documentation and ensure that the necessary security measures are in place.