GAGANDEEP SINGH
29-March-2023
Security researchers at Malwarebytes and Palo Alto Networks unit 42 discovered a new malware.
The malware named Emotet targets users with phishing emails containing fake W-9 tax form attachments.
The attackers use this malware to coincide with the holidays and the yearly tax returns, i.e., The US tax season.
The attackers send emails with the Form while impersonating an authority from Internal Renew Service.
Phishing emails have a ZIP archive named W-9 form.zip which contains a malicious word document.
Once installed, it start stealing the victim’s email for future replay chain attacks and then spam emails.
The activity utilizes the replay chain e-mail, which pretends to be the business partners sending victims the W-9 form.
These forms are sent in PDF attachments, not Word attachments, so avoid opening them.