"IRS Phishing Emails Used to Distribute Emotet"

Security researchers at Malwarebytes are warning US taxpayers not to fall for a new phishing campaign that uses the IRS as a lure to install the notorious Emotet Trojan on their machines. Scammers have long used tax filing season as an opportunity to trick consumers. According to the researchers, the phishing emails in question carry the subject "IRS Tax Forms W-9" and a spoofed sender address of "IRS Online Center." The short message in the email's body is riddled with typos.

A 709KB "W-9 form.zip" attachment contains a 548MB Word doc titled "W-9 form.doc." The researchers stated that the document's size makes it stand out as suspicious, noting that you wouldn't find many genuine Word documents weighing in at 500MB or more. In fact, a file size of 500MB is a potential indicator that Emotet is lurking in the background. The researchers stated that malware authors are artificially pumping up the size of the document to try to fool or break security tools, because a file that large may prove too difficult for the tools to get a handle on and properly analyze. The scammers then try to persuade the recipient to enable macros, which initiates the Emotet download.

Emotet has been around since 2014. Created initially as a banking Trojan, later versions added malware delivery and spam services. Emotet was recently highlighted by Malwarebytes as one of the top five biggest threats to businesses this year.
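The size mismatch described above (a 709KB ZIP holding a 548MB Word document) can be checked at a mail gateway from the archive's metadata alone, without decompressing the padded file. The following is an added example, not code from Malwarebytes or the article; the function names, the extension list and the 100:1 ratio threshold are assumptions, and the sample archive is constructed and scaled down.

```python
import io
import zipfile

# 500MB is the figure the article cites; the ratio threshold is an assumption.
MAX_DOC_BYTES = 500 * 1024 * 1024
MAX_RATIO = 100  # padding compresses far better than genuine document content
DOC_EXTS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")


def inspect_attachment(data, max_doc_bytes=MAX_DOC_BYTES, max_ratio=MAX_RATIO):
    """Return findings for Office files inside a ZIP attachment.

    Only the central directory is read, so a padded member is never
    decompressed by this check."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(DOC_EXTS):
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            reasons = []
            if info.file_size >= max_doc_bytes:
                reasons.append("oversized")
            if ratio >= max_ratio:
                reasons.append("high-ratio")
            if reasons:
                findings.append({"name": info.filename, "size": info.file_size,
                                 "compressed": info.compress_size,
                                 "ratio": round(ratio), "reasons": reasons})
    return findings


def build_sample(name, payload):
    """Constructed sample: a ZIP with one deflated member, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Scaled-down stand-in for the 548MB document: 8MB of zero padding.
    padded = build_sample("W-9 form.doc", b"\x00" * (8 * 1024 * 1024))
    for finding in inspect_attachment(padded, max_doc_bytes=4 * 1024 * 1024):
        print(finding)
```

The sizes in a ZIP's central directory are declared by whoever built the archive, so a scanner that goes on to extract the member should still cap the number of bytes it reads.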

 

Infosecurity reports: "IRS Phishing Emails Used to Distribute Emotet"

Submitted by Anonymous on