Threats Tagged 'tax lure'
View all threats tagged with 'tax lure'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'tax lure'
Click on any threat for detailed analysis and mitigation recommendations
How a Tax Search Leads to Kernel-Mode AV/EDR Kill 0 A large-scale malvertising campaign targeting U.S.tax form searchers has been uncovered. The attack chain begins with Google Ads, using dual commercial cloaking services to evade detection. Victims are directed to rogue ScreenConnect installers, leading to a multi-stage crypter that ultimately deploys a BYOVD (Bring Your Own Vulnerable Driver) tool. This tool, named HwAudKiller, exploits a previously undocumented Huawei audio driver to terminate antivirus and EDR processes from kernel mode. The campaign's sophistication lies in its use of commodity tools and services, combining free-tier ScreenConnect instances, off-the-shelf crypters, and a signed driver with an exploitable weakness. The attackers consistently deploy multiple remote access tools on compromised hosts for redundancy, indicating a likely pre-ransomware or initial access broker operation. Join the discussion | AlienVault OTX General | 03/19/2026, 23:58:08 UTC Added: 03/20/2026, 08:08:28 UTC |
Showing 1 to 1 of 1 result