Emotet malware campaign impersonates the IRS for 2022 tax season


Level 62
Thread author
Top poster
Content Creator
Apr 24, 2016
The Emotet malware botnet is taking advantage of the 2022 U.S. tax season by sending out malicious emails pretending to be the Internal Revenue Service sending tax forms or federal returns.

Emotet is a malware infection distributed through phishing emails with attached Word or Excel documents containing malicious macros. Once these documents are opened, they will trick the user into enabling macros that will download the Emotet malware onto the computer.

Once Emotet is installed, the malware will steal victims' emails to use in future reply-chain attacks, send further spam emails, and ultimately install other malware that could lead to a Conti ransomware attack on the compromised network.
With Emotet now developed by the Conti Ransomware gang, all organizations, large and small, should be on the lookout for these phishing campaigns as they ultimately lead to ransomware attacks and data exfiltration.

As always, it is vital to remember that the IRS never sends unsolicited emails and corresponds only through the postal service. Therefore, if you receive an email claiming to be from the IRS, mark it as spam, and delete the email.