Experts from ESET warn against e-mails in which cybercriminals are impersonating the Internal Revenue Service. The malicious file VBS / TrojanDownloader.Agent.RKY is attached to the e-mail.

In the message, the victim is informed about the intention to initiate fiscal control. In addition, the content of the e-mail is written so it encourages the user to open the attachment, due to the fact that it allegedly contains a list of documents needed to carry out fiscal control.

Opening the attachment results in infection of the victim’s device with the Danabot banking Trojan, thanks to which cybercriminals are able to acquire logins and intercept passwords for bank accounts. This is possible due to the fact that Danabot allows the cybercriminals to connect to the victim’s device and inject a malicious script into the browser, which launches while logging into the online banking website.