Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting U.S. citizens, according to a detailed report from Seqrite Labs.

Security researchers have uncovered a malicious campaign exploiting the tax season through sophisticated social engineering tactics, primarily phishing attacks.

These cybercriminals are deploying deceptive emails and malicious attachments to steal sensitive personal and financial information while distributing dangerous malware.

The campaign leverages redirection techniques and malicious LNK files, such as “104842599782-4.pdf.lnk,” to trick users into executing harmful payloads disguised as legitimate tax documents.

This strategy preys on user trust, especially among vulnerable demographics like green card holders, small business owners, and new taxpayers, who may lack familiarity with government tax processes.

Stealerium Malware and Multi-Stage Infection Chain

The infection chain begins with phishing emails containing deceptive attachments that, once opened, execute a series of obfuscated payloads.

Seqrite Labs’ technical analysis reveals ...