Microsoft warns of tax-themed phishing campaigns using PDFs, QR codes, and fake login pages to deliver malware like Remcos, Latrodectus, and GuLoader. Linked to group Storm-0249, the attacks target U.S. organizations during tax season using phishing-as-a-service platforms and evasion tactics to steal credentials and deploy remote access tools.

‍