Cybereason detected a new campaign targeting US taxpayers with documents that purport to contain tax-related content, delivering NetWire and Remcos – two powerful and popular RATs (remote access trojans). Each year, by April 15th, all US citizens are expected to deliver their tax returns. The malicious documents that infect the user are roughly 7MB in size, which allows them to evade traditional AV mechanisms and heuristic detection. The infection chain uses cloud services such as Imgur to store the NetWire/Remcos payloads, hidden in image files. The payloads are concealed in image files and downloaded in that form; combined with the fact that they are hosted on public cloud services, this makes them harder to detect.
Source: https://www.cybereason.com/blog/cybereason-exposes-malware-targeting-us-taxpayers