Microsoft has issued a warning about several phishing campaigns utilizing tax-related themes to deploy malware and steal credentials. The campaigns employ redirection techniques, including URL shorteners and QR codes in malicious attachments, while exploiting legitimate services to evade detection. These campaigns, linked to a phishing-as-a-service platform named RaccoonO365, distribute remote access trojans and other types of malware. One notable campaign, observed in February 2025, targeted the U.S. tax filing season and was attributed to the threat actor Storm-0249, known for previous distributions of various malware.
A notable aspect of these campaigns is that they lead to phishing pages that are delivered via a phishing-as-a-service (PhaaS) platform codenamed RaccoonO365.
These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services.
Collection
[
|
...
]