Trickbot via fake Efax message using Squiblydoo, Active X, macro and abusing pastebin

We are seeing massive changes with the Trickbot delivery campaign overnight. I have only seen 1 mention on Twitter about this campaign and 1 on a private malware research mailing list, so it can’t be affecting too many recipients. This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering Trickbot banking Trojan. The email with the subject of “You have a new eFax message! ” pretends to come from Efax but actually comes from “service@efax.delivery” which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the