This tax-themed malvertising attack can blind security software before it arrives — and then unleashes ransomware

A person doing taxes.
(Image credit: Shutterstock)

  • Hackers exploit US Tax Day rush with phishing and malware
  • Fake tax form sites via Google Ads drop ScreenConnect and disable defenses
  • Campaign sets stage for ransomware, also seen with fake Chrome updates

Cybercriminals are once again taking advantage of the short deadline for the upcoming tax filing window to deploy malware and ransomware to people’s computers, experts have warned.

The April 15 tax deadline, also simply called Tax Day, is the last day most Americans have to file their federal income tax return and pay any taxes they owe.

Since many wait until the very last moment to address this problem, they rush to get it done and, as security researchers at Huntress say, “trust the first Google result they see.”


Huntress says it is seeing an increase in people searching for specific US tax forms, such as W-2 or W-9. Hackers are leveraging this fact, creating fake landing pages and promoting them through Google Ads.

Therefore, when people search for these terms, they often land on malicious pages where they are served ScreenConnect (now commonly branded as ConnectWise Control), a legitimate remote access tool often used for malicious purposes.

The researchers say the attack targets all sorts of people, from employees, freelancers, and contractors to small businesses. Before running the remote access tool, the attackers first drop a kernel driver that disables security tools such as Windows Defender.

“Across our customer base, we reported over 60 instances of rogue ScreenConnect sessions tied to this campaign being used as the initial access vector,” Huntress stressed.
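The two signals the article describes, a ScreenConnect client checking in to a relay the organisation never set up and a kernel driver loading from somewhere other than the system driver directory, are both visible in ordinary endpoint telemetry. The following script is an added detection example written for this article; it is not Huntress's tooling or code from the campaign. It runs over a handful of constructed, simplified event lines (not real logs) in the shape `event_id|image_path|command_line|signature_status`, using Sysmon-style IDs 1 (process create) and 6 (driver load), and it assumes the ScreenConnect client's `h=` command-line parameter names the relay host and that `KNOWN_RELAYS` holds the hosts your own IT or MSP legitimately uses (a hypothetical allowlist).

```python
import re

# Hypothetical allowlist: ScreenConnect relay hosts your own IT or MSP actually uses.
KNOWN_RELAYS = {"support.example-msp.com"}

# Constructed sample events (not real telemetry), simplified to
#   event_id|image_path|command_line|signature_status
# event_id 1 = process create, 6 = driver load (mirrors Sysmon event IDs).
SAMPLE_EVENTS = [
    "1|C:\\Users\\dana\\Downloads\\W-9_Form.exe|W-9_Form.exe|Unsigned",
    "6|C:\\Users\\dana\\AppData\\Local\\Temp\\drv.sys||Unsigned",
    "1|C:\\Program Files (x86)\\ScreenConnect Client (abc)\\ScreenConnect.ClientService.exe|"
    '"ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=relay.bad-example.net&p=8041"|Signed',
    "6|C:\\Windows\\System32\\drivers\\ntfs.sys||Signed",
    "1|C:\\Program Files (x86)\\ScreenConnect Client (def)\\ScreenConnect.ClientService.exe|"
    '"ScreenConnect.ClientService.exe" "?e=Access&h=support.example-msp.com&p=8041"|Signed',
]

# Assumed: the ScreenConnect client passes its relay host as the h= query parameter.
HOST_PARAM = re.compile(r'[?&]h=([^&"\s]+)')
TRUSTED_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
USER_DOWNLOADS = re.compile(r"^c:\\users\\[^\\]+\\downloads\\", re.IGNORECASE)


def parse_event(line):
    """Split one simplified event line into its four fields."""
    event_id, image, cmdline, signature = line.split("|", 3)
    return {"event_id": int(event_id), "image": image,
            "cmdline": cmdline, "signature": signature}


def rogue_screenconnect_relays(events, allowlist=KNOWN_RELAYS):
    """Relay hosts of ScreenConnect client launches that are not on the allowlist."""
    rogue = []
    for ev in events:
        if ev["event_id"] != 1 or "screenconnect.clientservice" not in ev["image"].lower():
            continue
        m = HOST_PARAM.search(ev["cmdline"])
        host = m.group(1).lower() if m else "<no relay host in command line>"
        if host not in allowlist:
            rogue.append(host)
    return rogue


def suspicious_driver_loads(events):
    """Driver loads that are unsigned or come from outside the system driver directory."""
    hits = []
    for ev in events:
        if ev["event_id"] != 6:
            continue
        path = ev["image"].lower()
        if ev["signature"] != "Signed" or not path.startswith(TRUSTED_DRIVER_DIR):
            hits.append(ev["image"])
    return hits


def unsigned_downloads_executed(events):
    """Unsigned executables launched straight from a user's Downloads folder (the lure stage)."""
    return [ev["image"] for ev in events
            if ev["event_id"] == 1 and ev["signature"] != "Signed"
            and USER_DOWNLOADS.match(ev["image"])]


def analyse(lines):
    """Run all three detectors over raw event lines and return their findings."""
    events = [parse_event(line) for line in lines]
    return {
        "rogue_relays": rogue_screenconnect_relays(events),
        "suspicious_drivers": suspicious_driver_loads(events),
        "downloads_executed": unsigned_downloads_executed(events),
    }


if __name__ == "__main__":
    for name, findings in analyse(SAMPLE_EVENTS).items():
        print(f"{name}: {findings}")
```

On the constructed sample the script reports one relay host outside the allowlist, one unsigned driver loaded from a Temp directory, and one unsigned executable run from Downloads; the legitimate ScreenConnect session and the signed `ntfs.sys` load are left alone. The allowlist is the important part: ScreenConnect is a legitimate product, so the only reliable distinction is which relay a client reports to.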

While the tax-themed lure is currently trendy, it’s not the only method being used. Huntress says it also saw a fake Chrome update page with JavaScript comments in Russian, “suggesting a broader social engineering toolkit and a Russian-speaking developer.”

The campaign seems to be just the first step in a multi-stage attack. At this stage, the crooks are establishing a foothold and harvesting credentials, likely in preparation for ransomware deployment.


