In December 2025, Kaspersky, a global cybersecurity company, detected a phishing campaign led by the SilverFox threat group, targeting individuals and organizations in India with fake emails that closely resemble official communications from the Income Tax Department of India. This campaign aims to trick recipients into downloading malicious files that could compromise their devices and sensitive data. Kaspersky's analysis revealed that between January and February 2026, over 1,600 malicious emails were recorded, with similar campaigns also targeting entities in Indonesia, South Africa, and Russia. The emails were designed to appear as urgent tax audit notifications, prompting users to download an archive claiming to contain a list of tax violations. Upon clicking, users inadvertently downloaded a modified Rust-based loader that deploys the ValleyRAT backdoor, along with a new Python-based backdoor named ABCDoor, which has been part of the SilverFox arsenal since late 2024. This backdoor allows attackers to remotely control infected systems, stream victim screens, and access sensitive information. Kaspersky emphasizes the importance of social engineering in this attack, as the group exploits users' trust in official agencies. To protect against such threats, Kaspersky advises enhancing digital literacy, using automated email security solutions, and staying informed about emerging cyber threats.