Security News > 2020 > May > TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy
Threat actors are using people's interest in the Department of Labor's Family and Medical Leave Act to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently.
"Users infected with the TrickBot Trojan will see their device become part of a botnet that can allow attackers to gain complete control of the device," Via, along with IBM X-Force co-authors David Bryant and Limor Kessem, wrote in the post.
One curious thing about the research is that the samples observed by the IBM X-Force failed to actually download their intended payload, which researchers acknowledge made it difficult to know for sure if the campaign's malware is indeed TrickBot.
Researchers said the new campaign follows "Similar patterns" found previously used by TrickBot, such as the "Macro on Close" function followed by the DocuSign theme.
"Another link to TrickBot is an IP address, 198.72.111.141, also previously linked with hosting TrickBot campaigns," researchers wrote.
News URL
https://threatpost.com/trickbot-attack-covid-19docusign-themed-malw/155391/
Related news
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks (source)