'Taxve Inc.' Email Virus Description
The 'Taxve Inc.' email virus refers to a spam campaign that distributes bait email messages carrying malicious file attachments. The threat actors behind the operation send out thousands upon thousands of these emails to unsuspecting users and wait for some of the potential victims to fall for the trap.
The bait messages of this malware campaign state that the user has received an invoice from 'Taxve Inc.' Of course, this is just a pretext to get users to download and open the attached file. The subject or title of the email may be a variation of 'Acct No. 70815844537: Your Invoice From Taxve is Ready 2021.25.08.' Inside, the email claims that to ease the integration of the invoice information into the user's accounting tool, a convenient Excel file has been provided.
The deceptive and misleading statements continue with the fraudsters claiming that, to view the invoice, users will have to manually enable macros in Microsoft Excel. Doing so will trigger the malicious code inside the file and result in the Dridex malware threat being dropped on the device.
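A mail-triage check for the lure described above, as an added example that is not part of the original description: it matches the subject wording quoted earlier and inspects attachment content for macro-bearing Excel packages. The function names, the sender and recipient addresses, the file name 'invoice.xlsm' and the sample workbook are constructed assumptions, and the macro-part check generalizes beyond what the description states.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject wording from the campaign description above; account number and date vary.
SUBJECT_RE = re.compile(r"Your Invoice From Taxve", re.IGNORECASE)
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls compound-file header

def classify_attachment(data: bytes) -> str:
    """Classify by content, since the file name is attacker-controlled."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"  # can carry macros; send for deeper inspection
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "other"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = [n.lower() for n in z.namelist()]
    # VBA projects and Excel 4.0 macro sheets are stored as these package parts.
    if any(n.endswith("vbaproject.bin") or n.startswith("xl/macrosheets/") for n in names):
        return "ooxml-with-macros"
    return "zip-no-macros"

def triage(raw: bytes) -> dict:
    """Return the subject match, per-attachment verdicts and a hold decision."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {part.get_filename(): classify_attachment(part.get_payload(decode=True) or b"")
                for part in msg.iter_attachments()}
    risky = any(v in ("legacy-ole", "ooxml-with-macros") for v in verdicts.values())
    return {"subject_hit": bool(SUBJECT_RE.search(msg["Subject"] or "")),
            "attachments": verdicts, "hold": risky}

def build_sample(with_vba: bool) -> bytes:
    """Constructed message: a harmless ZIP shaped like an Excel workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            z.writestr("xl/vbaProject.bin", b"placeholder bytes, not real VBA")
    msg = EmailMessage()
    msg["Subject"] = "Acct No. 70815844537: Your Invoice From Taxve is Ready 2021.25.08."
    msg["From"], msg["To"] = "billing@example.invalid", "user@example.invalid"
    msg.set_content("Invoice attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.xlsm")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(with_vba=True)))
```

The hold decision depends only on attachment content, so a reworded subject line does not bypass it; the subject match serves to label the message as part of this campaign.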
Dridex is a potent malware that can perform a variety of nefarious actions. However, its main function is to collect sensitive data from the compromised systems. The threat establishes keylogging routines that capture any keyboard button press or mouse click. The attackers can then steal account credentials (usernames, IDs, passwords) or payment information (banking details, credit/debit card numbers). Once in possession of the user's data, the attackers can exploit it by making fraudulent purchases or selling the account credentials on underground hacker forums.