Dual‑RAT phishing targets India tax filers this season
🛡️ Researchers at Cyderes uncovered a phishing campaign impersonating the Indian Tax Department that delivers two remote access trojans via a multi-stage infection chain. Victims receive fake tax assessment emails that prompt them to download a seemingly legitimate ITR utility, which abuses signed Windows binaries to sideload malicious DLLs and perform in-memory execution and process injection. The campaign deploys a Gh0st RAT derivative and a .NET implant related to the QuasarRAT/AsyncRAT family, each communicating with separate C2 servers, providing redundant access even if one implant is blocked.
