A new phishing campaign is targeting U.S. taxpayers with documents that purport to contain tax-related content, but deliver NetWire and Remcos malware. Last year alone, the IRS identified more than $2.3 billion in tax fraud schemes. The new infection process is designed to evade antivirus tools and tricks targets into installing the malware via a tax-themed Word Document containing a malicious macro that downloads an OpenVPN client on the targeted machine. The malware dropper establishes a connection to the legitimate cloud service ‘Iimgur’ and downloads the NetWire or Remcos payloads by way of a technique called steganography.
Source: https://www.helpnetsecurity.com/2021/03/19/phishing-taxpayers/