Not even seven days after its public release, the American Rescue Plan Act has already been exploited by cybercriminals. This is the latest example of using a relief measure as bait for phishing or malware delivery.
To go into more detail, a recent campaign is impersonating the US Internal Revenue Service, using their official logo and a spoofed domain. The email purports to offer an application for financial assistance, but in reality, the $4,000 stimulus check offered hides the Dridex banking trojan, delivered by exploiting a legitimate cloud service within the kill chain. Legitimate cloud services are implicitly trusted by the u