Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Trickbot is the most prolific malware operation using COVID-19 themed lures

TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. The analysis of Microsoft Office 365 ATP data revealed that TrickBot is, at the moment, the malware operation with the highest number of unique COVID-19-themed malicious emails and attachments. Microsoft experts revealed that this campaign […]

Trickbot is the most prolific malware operation using COVID-19 themed lures

TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals.

The analysis of Microsoft Office 365 ATP data revealed that TrickBot is, at the moment, the malware operation with the highest number of unique COVID-19-themed malicious emails and attachments.

Microsoft experts revealed that this campaign observed this week uses several hundreds of unique weaponized attachments in emails that pose as a message from a non-profit offering free COVID-19 test.

Upon opening the documents, victims are tricked into enabling the macros that use a delay before downloading the malicious payloads to evade sandbox analysis and emulation.

Despite threat actors are exploiting the current coronavirus pandemic to target users, last week Microsoft reported it hasn’t observed any spike in malware activity in this period, it only observed a change of lures.

“Our data shows that these COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to this pandemic. This means we’re seeing a changing of lures, not a surge in attacks.” reads the report published by Microsoft.

“The trendy and pervasive Trickbot and Emotet malware families are very active and rebranding their lures to take advantage of the outbreak. We have observed 76 threat variants to date globally using COVID-19 themed lures (map below).”

Microsoft tracks thousands of phishing campaigns every week, the company revealed that of the millions of targeted messages observed only roughly 60,000 use the Coronavirus as a lure, it represents less than two percent of the total malspam traffic.

Crooks are adapting the templates of their malspam campaigns using COVID-19-related topics and subjects.

Last week the tech giant claimed it has spotted 76 threat variants globally using COVID-19 themed lures, most of them related to TrickBot malware operations.

Earlied March, while the COVID-19 outbreak exploded in Italy, a new spam campaign was targeting users in the same country. Crooks started exploiting the interest on Coronavirus (COVID-19) in the attempt of delivering the TrickBot information-stealing malware.

Experts at Sophos uncovered a new spam campaign, messages were pretending to be from a doctor (Dr. Penelope Marchetti) at the World Health Organization (WHO), they have a subject of “Coronavirus: Informazioni importanti su precauzioni.”

TrickBot allows attackers to gather information from compromised systems, it also attempts to make lateral movements to infect other machines on the same network.

Then the attackers attempt to monetize their efforts by deploying other payloads, like the Ryuk Ransomware

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – COVID-19, Trickbot)

[adrotate banner=”5″]

[adrotate banner=”13″]