Security News > 2020 > May > TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy
Threat actors are using people's interest in the Department of Labor's Family and Medical Leave Act to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently.
"Users infected with the TrickBot Trojan will see their device become part of a botnet that can allow attackers to gain complete control of the device," Via, along with IBM X-Force co-authors David Bryant and Limor Kessem, wrote in the post.
One curious thing about the research is that the samples observed by the IBM X-Force failed to actually download their intended payload, which researchers acknowledge made it difficult to know for sure if the campaign's malware is indeed TrickBot.
Researchers said the new campaign follows "Similar patterns" found previously used by TrickBot, such as the "Macro on Close" function followed by the DocuSign theme.
"Another link to TrickBot is an IP address, 198.72.111.141, also previously linked with hosting TrickBot campaigns," researchers wrote.
News URL
https://threatpost.com/trickbot-attack-covid-19docusign-themed-malw/155391/
Related news
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- New DoubleClickjacking attack exploits double-clicks to hijack accounts (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- New Web3 attack exploits transaction simulations to steal crypto (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)