With just a few weeks until the April 15 deadline for US individuals and businesses to file their tax returns, scammers are as busy as ever.

Security researchers at Cofsense have warned that they have seen a number of malicious email campaigns which pose as communications from the Internal Revenue Service (IRS).

The emails which purport to come from “IRS.gov”, claim to contain tax forms (such as a W-9) that need to be filled out by the recipient.

However, in truth the bogus emails are an attempt to infect the PCs of unsuspecting computer users with the notorious Emotet malware.

Emotet is an extremely advanced family of malware, which is capable of dropping other malware onto users’ computers.

First rearing its ugly head in 2014 as a banking Trojan horse, Emotet has evolved over the years, sometimes updating itself multiple times a day, as it becomes more sophisticated in its attempt to bypass defences and hit as many victims as possible.

In the latest campaigns, potential victims are duped into opening email attachments and then enabling macros in Office documents which will download and install further malware, and attempt to spread across your company network.

On many occasions Emotet has been deployed by cybercriminals as part of an attempt to ultimately hit an organisation with ransomware, and demand a large ransom.

In an attempt to avoid detection by email-scanning defences, the attachments in some of the latest IRS-related campaigns have been packaged in a password-protected .ZIP archive.

irs-malware-email

Your email gateway-scanning solution may not know the password that has been used to compress the attachment, but it is contained in the message body – which is enough for a reckless user to decompress the archive file and open its contents.

Bleeping Computer reports that the .ZIP files contain an Excel (Read more...)