Thursday 13 February 2020, Poradnik bezpieczeństwa

Cybercriminals are impersonating the Ministry of Finance - email with tax settlement

Lost24

It could have been expected that cybercriminals would use the tex settlement period to attack internet users. CERT Poland warns against emails with malware related to the tax settlement.


Hackers impersonate the Ministry of Finance in emails. The attack is aimed at people who use the possibility of settlement by the tax office.


Hackers inform their potential victims about sending the PIT-28 declaration and urge them to download the so-called UPO (official confirmation of receipt). UPO is then sent in a .pdf format, which contains a VBS script that launches the download of BrushaLoader malware. Next, ISFB/UR type malware is installed. Malware steals system information and attempts to steal credentials for electronic banking.