
Fake IRS emails are delivering dangerous new malware this tax season


Tax season is upon us, which is creating ample opportunity for scammers. Researchers at security firm Heimdal have found a malware campaign that uses phony IRS emails to hit its targets.

The scam email purports to be about a tax refund but instead comes loaded with the Kovter trojan and CoreBOT malware. Kovter is often used by cybercriminals to deliver ransomware. Kovter is a little different because, once downloaded, it can reside in the registry rather than on your disk. “The threat is also memory resident and uses the registry as a persistence mechanism to ensure it is loaded into memory when the infected computer starts up,” said a blog from Symantec last year, which detailed the malware’s features.


Meanwhile, CoreBOT is a well-known banking malware strain that can steal crucial login details. It largely targets online banking credentials in the U.S., Canada, and the U.K.

According to Heimdal, users need to keep an eye out for the email subject line “Payment for tax refund # 00 [6 random numbers]” and any zip attachment called “Tax_Refund_00654767.zip -> Tax_Refund_00654767.doc.js,” which people are of course advised never to download.
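For mail administrators, the two indicators above can be turned into a simple filter check. The following is an added example, not code from Heimdal or from this article: it flags the subject pattern and any zip member whose document-style name actually ends in a script extension. The function names, the extension lists and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject pattern from the Heimdal description: "# 00" followed by six digits.
SUBJECT_RE = re.compile(r"payment for tax refund\s*#\s*00\s*\d{6}\b", re.I)
# Document-looking name ending in a script extension; lists are assumptions.
DOUBLE_EXT_RE = re.compile(r"\.(docx?|pdf|xlsx?|rtf|txt)\.(js|jse|vbs|wsf|hta)$", re.I)

def scan_message(raw: bytes) -> list[str]:
    """Return a list of findings for one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if SUBJECT_RE.search(msg["Subject"] or ""):
        findings.append("subject matches tax-refund lure")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if DOUBLE_EXT_RE.search(name):
            findings.append(f"attachment {name}: script behind document extension")
        if not name.lower().endswith(".zip"):
            continue
        try:
            # List archive members without extracting anything to disk.
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append(f"attachment {name}: unreadable zip")
            continue
        for member in members:
            if DOUBLE_EXT_RE.search(member):
                findings.append(f"{name} -> {member}: script behind document extension")
    return findings

def build_sample() -> bytes:
    """Constructed test message; the .js member is a harmless placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Tax_Refund_00654767.doc.js", "// placeholder, not malware\n")
    msg = EmailMessage()
    msg["From"] = "refunds@irs.example"
    msg["Subject"] = "Payment for tax refund # 00654767"
    msg.set_content("Please see the attached refund notice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Tax_Refund_00654767.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```
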

“But don’t let your curiosity get the best of you: not only is it a fake email, but it also carries plenty of danger within,” said Heimdal’s Andra Zaharia.

IRS scams are nothing new and have traditionally involved scam phone calls targeting people who believe they are being questioned by the agency for their personal details. The IRS has been warning users for years about potential phishing threats coming from fake IRS emails, but this new discovery marks a slightly more dangerous threat.

The IRS is keen to remind people that it will not contact anyone via email, social media, or text message. Be extra wary of any IRS emails that land in your inbox this tax season.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…