Security News > 2020 > May > TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy
Threat actors are using people's interest in the Department of Labor's Family and Medical Leave Act to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently.
"Users infected with the TrickBot Trojan will see their device become part of a botnet that can allow attackers to gain complete control of the device," Via, along with IBM X-Force co-authors David Bryant and Limor Kessem, wrote in the post.
One curious thing about the research is that the samples observed by IBM X-Force failed to actually download their intended payload, which researchers acknowledge made it difficult to know for sure whether the campaign's malware is indeed TrickBot.
Researchers said the new campaign follows "similar patterns" previously used by TrickBot, such as the "Macro on Close" function followed by the DocuSign theme.
"Another link to TrickBot is an IP address, 198.72.111.141, also previously linked with hosting TrickBot campaigns," researchers wrote.
News URL
https://threatpost.com/trickbot-attack-covid-19docusign-themed-malw/155391/