Quote:A new variant of the the NetWire remote access trojan (RAT) is hitching a ride on IRS-themed phishing ploys targeting taxpayers in hopes of snatching victims’ credentials and tax information.
The recently uncovered campaign reveals the RAT’s operators swapping up infection tactics to use a legacy Microsoft Excel 4.0 Macro, helping them sidestep detection and analysis efforts. The NetWire variant’s payload has also been given a facelift, with improved keylogger and credential-collecting features.
“In this new variant, I noticed that it has improved its feature that collects credentials from the victim’s system,” said Xiaopeng Zhang, with Fortinet in a Tuesday analsysis. “It also fixed some bugs in the keylogger, which were wrongly recorded Esc as Ctrl in previous versions.”
NetWire has been spreading widely over the past few years, focused on stealing credential information, logging keystrokes and stealing hardware information. This latest campaign extends these capabilities by targeting taxpayers (many of whom are in the midst of the extended tax deadline) specifically, aiming to capture their screens as they fill out tax forms, check their online bank accounts, or write private emails, Zhang warned.
Read more: https://threatpost.com/taxpayers-targete...nt/154830/
![[-]](https://www.geeks.fyi/images/collapse.png)
