From threatpost.com
Taxpayers are being targeted by a new NetWire RAT variant in a recent malspam campaign that makes use of an improved keylogger and an Excel 4.0 Macro.
A new variant of the the NetWire remote access trojan (RAT) is hitching a ride on IRS-themed phishing ploys targeting taxpayers in hopes of snatching victims’ credentials and tax information.
The recently uncovered campaign reveals the RAT’s operators swapping up infection tactics to use a legacy Microsoft Excel 4.0 Macro, helping them sidestep detection and analysis efforts. The NetWire variant’s payload has also been given a facelift, with improved keylogger and credential-collecting features.