Security News > 2020 > May > TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy

TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy
2020-05-01 13:12

Threat actors are using people's interest in the Department of Labor's Family and Medical Leave Act to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently.

"Users infected with the TrickBot Trojan will see their device become part of a botnet that can allow attackers to gain complete control of the device," Via, along with IBM X-Force co-authors David Bryant and Limor Kessem, wrote in the post.

One curious thing about the research is that the samples observed by the IBM X-Force failed to actually download their intended payload, which researchers acknowledge made it difficult to know for sure if the campaign's malware is indeed TrickBot.

Researchers said the new campaign follows "Similar patterns" found previously used by TrickBot, such as the "Macro on Close" function followed by the DocuSign theme.

"Another link to TrickBot is an IP address, 198.72.111.141, also previously linked with hosting TrickBot campaigns," researchers wrote.


News URL

https://threatpost.com/trickbot-attack-covid-19docusign-themed-malw/155391/