Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails

Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials.

Buran Ransomware Targets German Organisations through Malicious Spam Campaign

Introduction As of October 2019, commodity ransomware campaigns conducted by financially motivated threat actors pose a significant threat to organisations. The three distinguishing characteristics of such campaigns are: first, they are usually high vo…

Trickbot via fake Efax message using Squiblydoo, Active X, macro and abusing pastebin

We are seeing massive changes with the Trickbot delivery campaign overnight. I have only seen 1 mention on Twitter about this campaign and 1 on a private malware research mailing list, so it can’t be affecting too many recipients. This example i…

Godaddy DNS system still compromised to deliver yet another Gandcrab Ransomware campaign

Last week we reported on a fairly large scale Gandcrab ransomware campaign that was assisted in delivery via a security hole in Godaddy (and almost certainly other major DNS providers). Some of the major tech sites reported on the DNS compromise with a…

Hancitor delivered via fake This is an electronic efax Notification

An email with the subject of “This is an electronic efax Notification” pretending to come from efax but coming from efax@ramatmed.com with a link to download a malicious word doc that delivers Hancitor. They are using email addresse…

Dridex banking Trojan delivered via fake emails from eFax and Virgin Media

We are seeing the Dridex Banking Trojans being delivered via malspam emails again today. They are using several different subjects and lures. Both download the same Dridex banking Trojan version. The 2 that I have looked at so far are: Your Virgin Media bill is ready coming from Virgin Media <webteam@virginmedia.smebusinesslink.com>

Trickbot delivered via fake eFax messages

An email with the subject of eFax pretending to come from EFax but actually coming from a whole range of look-a-like domains and for some strange reason today they are also coming from spoofed servicepaypal and NatWest domains with a malicious word doc attachment is today’s latest spoof of a well-known

fake eFax delivers trickbot banking trojan

An email with the subject of eFax pretending to come from eFax but actually coming from a look-a-like domain eFax <noreply@faxdocuments120.ml> with a malicious word doc attachment is today’s latest spoof of a well known company, messaging service, bank or public authority delivering Trickbot banking Trojan. They are using email addresses and subjects

eFax message from “8473365403” – 1 page(s), Caller-ID: 44-020-3136-4931 malspam delivers Trickbot banking Trojan

The 2nd in today’s Trickbot malspams is an email with the subject of eFax message from “8473365403” – 1 page(s), Caller-ID: 44-020-3136-4931 pretending to come from eFax but actually coming from a look-a-like domain <message@efax-download.com> with a malicious word doc attachment is today’s latest spoof of a well known company, bank

fake eFax message from “0300 200 3835” – 2 page(s) malspam delivers smoke /sharik /dofoil and Trickbot

An email with the subject of eFax message from “0300 200 3835” – 2 page(s) pretending to come from efax but actually coming from a look alike domain eFax <message@mail.efaxcorporate254.top> with a malicious word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering Sharik /Smoke