The scam email purports to be about a tax refund but instead comes loaded with the Kovter trojan and CoreBOT malware. Kovtar is often used by cybercriminals to deliver ransomware. Kovtar is a little different because, once downloaded, it can sit on the registry rather than your disk. “The threat is also memory resident and uses the registry as a persistence mechanism to ensure it is loaded into memory when the infected computer starts up,” said a blog from Symantec last year, which detailed the malware’s features.
Meanwhile, CoreBOT is a well-known banking malware strain that can steal crucial login details. It largely targets online banking credentials in the U.S., Canada, and the U.K.
According to Heimdal, users need to keep an eye out the email subject line: “Payment for tax refund # 00 [6 random numbers]” and any zip attachment called “Tax_Refund_00654767.zip -> Tax_Refund_00654767.doc.js,” which people are of course advised never to download.
“But don’t let your curiosity get the best of you: not only is it a fake email, but it also carries plenty of danger within,” said Heimdal’s Andra Zaharia.
IRS scams are nothing new and have traditionally involved scam phone calls that target someone that believes they are being question by the agency for their personal details. The IRS has been warning users for years about potential phishing threats coming from fake IRS emails but this new discovery marks a slightly more dangerous threat.
IRS is keen to remind people that it will not contact anyone via email, social media, or text message. Be extra wary of any IRS emails that land in your inbox this tax season.
Editors' Recommendations
- The best free antivirus platforms for Mac in 2021
- How to protect your smartphone from hackers and intruders
- The best mileage apps for small businesses in 2021
- The best free antivirus software for 2021
- The best podcasts of 2021
