Security News > 2020 > May > TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy

Threat actors are using people's interest in the Department of Labor's Family and Medical Leave Act to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently.
"Users infected with the TrickBot Trojan will see their device become part of a botnet that can allow attackers to gain complete control of the device," Via, along with IBM X-Force co-authors David Bryant and Limor Kessem, wrote in the post.
One curious aspect of the research is that the samples IBM X-Force observed failed to download their intended payload, which, researchers acknowledge, made it difficult to know for sure whether the campaign's malware is indeed TrickBot.
Researchers said the new campaign follows "similar patterns" previously used by TrickBot, such as the "Macro on Close" function followed by the DocuSign theme.
"Another link to TrickBot is an IP address, 198.72.111.141, also previously linked with hosting TrickBot campaigns," researchers wrote.
News URL
https://threatpost.com/trickbot-attack-covid-19docusign-themed-malw/155391/