Attackers are attempting to deliver Remcos remote access tool (RAT) payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration. They are taking advantage of the financial problems experienced by SMBs during the current COVID-19 pandemic to lure them into opening malicious attachments camouflaged as disaster assistance grants and testing center vouchers. The attackers’ method of asking for grant information is identical to the process used by the real SBA. Once installed on the target’s computer, the attackers gain full control over the machine allowing them to steal sensitive information.
Source: https://www.bleepingcomputer.com/news/security/us-small-business-administration-grants-used-as-phishing-bait/