Recently IBM X-Force discovered a TrickBot trojan attacks which abused people’s interest in the Department of Labor’s Family and Medical Leave Act (FMLA). Using fake messages that claim to be from the department attackers “inform” families about changes in family-leave benefits related to COVID-19. Emails contain a weaponized attachment that acts as a dropper for the malware.
TrickBot is a well-known banking trojan developed in 2016. Originally created to attack big corporations it seems it changed a target audience at this time.
TrickBot trojan allows to takeover bank accounts and to conduct high-value wire fraud.
IBM X-Force says: “In the spam samples we looked at, the eventual TrickBot payload started out in a DocuSign-type attachment titled Family and Medical Leave of Act 22.04.doc. Once opened, the document asks the recipient to enable macros (ThisDocument.cls), from which, upon closing the file, malicious scripts will be launched to fetch the malware from the attacker’s designated domain.”
This campaign shows that cybercriminals continue to take advantage of the current COVID-19 pandemic state.
TrickBot trojan allows to takeover bank accounts and to conduct high-value wire fraud.
IBM X-Force says: “In the spam samples we looked at, the eventual TrickBot payload started out in a DocuSign-type attachment titled Family and Medical Leave of Act 22.04.doc. Once opened, the document asks the recipient to enable macros (ThisDocument.cls), from which, upon closing the file, malicious scripts will be launched to fetch the malware from the attacker’s designated domain.”
This campaign shows that cybercriminals continue to take advantage of the current COVID-19 pandemic state.
No comments:
Post a Comment