Hello, welcome to the Monday, August 26, 2019 edition of the Sands and Stormzones, Stormcast.

My name is Johannes Ulrich.

And then I'm recording from Jacksonville, Florida.

Xavier came across an interesting smaller attack last week, and in this attack, the using Mimicats for a change in order

to extract users passwords. One credentials were extracted using Mimicats. They were then

infiltrated to an FTP server which was exposed after Xavier was able to retrieve the

credentials from the actual exploit script. Turns out the attack wasn't really all that widespread,

only 53 different infected hosts at this point, but after all, 188 credentials were found in files on the FTP server.

The initial sample that Xavier found was Visual Basic Script, and now how this then ended up on users' systems I think isn't quite clear yet, but of course

there's a number of ways how you could deliver malicious script to a victim.

And the US Internal Revenue Service or IRS is warning taxpayers that they have seen a sort of more interesting malware campaign

that pretends to come from the IRS.

Now usually we see sort of an uptick in these IRS impersonation attacks during tax filing

season.

It's of course kind of late for that, but still a lot of people that still have

to finish up their taxes. In this particular case, the email claims to be an automatic income

tax reminder or an electronic tax return reminder. The email leads the user to an IRS look-alike site. And what probably makes

the entire scheme a little bit more plausible is that the email actually does include a one-time

password that the user is supposed to use to retrieve that document from this fake IRS website.

When the user enters the password, well, the malicious document is delivered and then used

to compromise the victim.

So while it originally kind of looks a little bit like a fishing attack, they're not really

...