OPERATION TaxShadow is a sophisticated phishing campaign that uses a fake tax notice to deliver in-memory malware. It begins with a fraudulent email that mimics communication from Indian tax authorities and directs victims to a malicious ZIP file containing three files designed to compromise Windows systems. The malware executes without writing to disk, which makes it stealthy and difficult to detect.
It employs techniques such as DLL hijacking and WebSocket communication disguised as normal traffic, and its code contains Chinese-language comments. Organizations are advised to train staff to recognize such phishing attempts and to use endpoint tools focused on behaviour monitoring.
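The delivery stage described above (a ZIP lure carrying a small set of files, one of which is loaded through DLL hijacking) can be triaged before the attachment ever reaches a user. The following Python script is an added example, not code from the original page or from any analysis of this campaign: it opens a ZIP in memory, checks each entry's real header against its extension, and flags the executable-plus-DLL pairing that DLL side-loading lures rely on. All file names and contents in `build_sample_zip` are constructed for the demonstration; the extension lists are assumptions a defender would tune to their own environment.

```python
import io
import zipfile

# Extensions that typically appear together in a DLL side-loading lure:
# a launcher EXE, the DLL it will load from its own directory, and a decoy document.
EXECUTABLE_EXTS = {".exe", ".scr", ".com"}
LIBRARY_EXTS = {".dll"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".lnk"}
PE_MAGIC = b"MZ"  # every Windows PE file (EXE or DLL) starts with these two bytes


def _ext(name: str) -> str:
    """Return the lower-cased extension of a path, or '' if it has none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP attachment given as bytes and return the indicators found.

    Only the first two bytes of each entry are read, so a large archive
    can be triaged without fully extracting it.
    """
    names = []
    pe_files = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            names.append(info.filename)
            with zf.open(info) as fh:
                if fh.read(2) == PE_MAGIC:
                    pe_files.append(info.filename)

    exes = [n for n in names if _ext(n) in EXECUTABLE_EXTS]
    dlls = [n for n in names if _ext(n) in LIBRARY_EXTS]
    decoys = [n for n in names if _ext(n) in DECOY_EXTS]
    # A PE header behind a non-executable extension means the file is masquerading.
    masquerading = [
        n for n in pe_files if _ext(n) not in EXECUTABLE_EXTS | LIBRARY_EXTS
    ]
    sideload = bool(exes) and bool(dlls)
    return {
        "file_count": len(names),
        "sideload_pattern": sideload,
        "decoy_present": bool(decoys),
        "pe_masquerading": masquerading,
        "verdict": "suspicious" if (sideload or masquerading) else "no indicator",
    }


def build_sample_zip() -> bytes:
    """Constructed sample archive: decoy 'notice', launcher stub and DLL stub.

    The PE entries are only an 'MZ' header plus padding; they are not executables.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Tax_Notice.pdf", b"%PDF-1.4 decoy content")
        zf.writestr("viewer.exe", PE_MAGIC + b"\x00" * 62)
        zf.writestr("helper.dll", PE_MAGIC + b"\x00" * 62)
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed control archive containing a single real-looking document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Tax_Notice.pdf", b"%PDF-1.4 ordinary document")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("lure", build_sample_zip()), ("control", build_benign_zip())):
        print(label, triage_zip(blob))
```

Run it once on a mail-gateway or SOAR hook and the "sideload_pattern" flag alone will catch this lure class; the "pe_masquerading" check covers the variant where the launcher is renamed to look like a document. This handles only the attachment stage; the in-memory execution and WebSocket traffic the page mentions have to be covered by the endpoint behaviour monitoring it recommends.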