Cybercriminals are leveraging India's tax filing season to spread a dual-malware campaign, posing as the Indian Tax Department to deliver two remote access trojans (RATs) through a multi-stage infection chain1. The sophisticated phishing operation begins with fake tax assessment emails that prompt recipients to download a malicious utility disguised as an official ITR tool. This initial download sets off a chain reaction, ultimately granting attackers persistent access to compromised systems. The use of dual RATs allows attackers to maintain control over infected systems, even if one malware variant is detected and removed. This campaign highlights the importance of vigilance during tax filing season, as cybercriminals continue to exploit trusted government brands to trick victims. So what matters to practitioners is that staying informed about emerging threats, such as this dual-malware campaign, is crucial to maintaining effective defenses against cyberattacks.