A report published on Thursday by Proofpoint states that a phishing campaign that has been targeting Europe has now been attacking the United States with the goal of spreading Trojan malware onto computers. The latest phishing attacks impersonate the US Postal Service and contain a Word document that, when opened, installs IcedID malware. IcedID typically targets financial institutions, but now may be targeting healthcare providers.
The Word document triggers a Microsoft Office macro that downloads and installed IcedID onto the device. The same phishing campaign was observed in Germany, impersonating the German Federal Ministry of Finance and containing a .icu domain in the email address. In Germany, fraudulent emails contained tax refund information and prompted the recipient to open a Word document containing information on refund claims.
Read More: New phishing email campaign impersonates US postal service to deliver malware