Fake IRS notice delivers customized spying tool | Advanced Mobile Spy Software
While macro-based documents and scripts make up the majority of malspam attacks these days, we also see some campaigns that leverage documents embedded with exploits. Case in point: we came across a malicious Microsoft Office file disguised as a CP2000 notice. The Internal Revenue Service (IRS) usually mails out this letter to taxpayers when information is incorrectly reported on a previous return.

Victims who fall for the scam will infect themselves with a custom Remote Administration Tool (RAT). A RAT can be used for legitimate purposes, for example by a system administrator, but it can also be used without a user's consent or knowledge to remotely control their machine, view and delete files, or deploy a keylogger to silently capture keystrokes.

In this blog post, we will review this exploit's delivery mechanism and take a look at the remote tool it deploys.

Distribution

The malicious document is hosted on a remote server and users are most likely enticed to open it via a link