Introduction Seqrite Labs recently identified a malware distribution campaign that abused the credibility of government institutions to increase infection success rates. The threat actors impersonated legitimate government departments and distributed malicious emails disguised as official notifications related to taxation, refunds, compliance requirements, and regulatory matters. By leveraging recognizable government branding, urgency, and financial incentives, the […] The post Behind the Refund: From GST Phishing to Remcos RAT Through a Multi-Stage .NET Infection Chain appeared first on Seqrite Labs.