There are lots of changes to the Trickbot delivery system and possibly the payloads and configs today. This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering Trickbot banking Trojan. The email with the subject of “FW: CASE #90ADP28TEFT – tax billing records” pretends to come from ADP but actually comes from “noreply@adpnote.com” which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site. These have a malicious office file attachment. Today they are using macro enabled XLS Excel spreadsheet files. These are primarily … Continue reading →