TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy
IBM X-Force recently disclosed that malicious actors are spreading the TrickBot trojan through fake messages that are COVID-19 themes. The new campaign capitalizes on public concern and interest in the Department of Labor’s Family and Medical Leave Act (FMLA). IBM X-Force stated that they uncovered the campaign after the analysis of spam honeypots IBM X-Force set up. The group concluded that threat actors have been targeting victims through emails that claim to be informing the public of changes to the FMLA.
The analysis of the honeypots exposed that the email messages from the threat actors appear to be from the FMLA, which gives employees the right to family-leave medical benefits. The attachments on the emails are malicious are aim to downloaded the TrickBot malware onto the victim’s device. TrickBot is a sophisticated banking Trojan that dates back to 2016 and has a history of evolving to mitigate detection.