Hackers use backdoor and remote access trojan that let attackers gain complete remote control over the compromised computer. The campaign is financially motivated, it includes two tools dubbed BalkanDoor and BalkanRAT and distributed through tax themed malicious emails. Both tools gets installed in the same machine which lets attackers access the machine remotely through the command-line interface and a graphical interface. Once installed it hides as a service under legitimate services such as and accomplish the task. Once it installed the computer gets connected with the C&C server and registers itself and started requesting commands.”]