A phishing campaign has been spotted delivering Amadey botnet malware to taxpayers in the U.S. through fake income tax refund emails. Researchers at Cofense noticed the campaign bypassing a secure email gateway (SEG) solution and dropping emails with malicious attachments. The infection chain starts with a message pretending to be from the Internal Revenue Service (IRS), informing the recipient that they’re eligible for a tax refund. The trick is pretty clever, as the attacker does not ask for credentials but instead provides a temporary username and password to log into the fake IRS portal.
Source: https://www.bleepingcomputer.com/news/security/amadey-botnet-targets-us-taxpayers-with-tax-refund-notice/