Collaborate Disseminate
Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials. Continue reading Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails
Introduction As of October 2019, commodity ransomware campaigns conducted by financially motivated threat actors pose a significant threat to organisations. The three distinguishing characteristics of such campaigns are: first, they are usually high vo… Continue reading Buran Ransomware Targets German Organisations through Malicious Spam Campaign
We are seeing massive changes with the Trickbot delivery campaign overnight. I have only seen 1 mention on Twitter about this campaign and 1 on a private malware research mailing list, so it can’t be affecting too many recipients. This example i… Continue reading Trickbot via fake Efax message using Squiblydoo, Active X, macro and abusing pastebin
Last week we reported on a fairly large scale Gandcrab ransomware campaign that was assisted in delivery via a security hole in Godaddy (and almost certainly other major DNS providers). Some of the major tech sites reported on the DNS compromise with a… Continue reading Godaddy DNS system still compromised to deliver yet another Gandgrab Ransomware campaign
An email with the subject of “This is an electronic efax Notification” pretending to come from efax but coming from efax@ramatmed.com with a link to download a malicious word doc that delivers Hancitor They are using email addresse… Continue reading Hancitor delivered via fake This is an electronic efax Notification
We are seeing the Dridex Banking Trojans being delivered via malspam emails again today. They are using several different subjects and lures. Both download the same Dridex banking Trojan version The 2 that I have looked at so far are: Your Virgin Media bill is ready coming from Virgin Media <webteam@virginmedia.smebusinesslink.com> … Continue reading → Continue reading Dridex banking Trojan delivered via fake emails from eFax and Virgin Media
An email with the subject of eFax pretending to come from EFax but actually coming from a whole range of look-a-like domains and for some strange reason today they are also coming from spoofed servicepaypal and NatWest domains with a malicious word doc attachment is today’s latest spoof of a well-known … Continue reading → Continue reading Trickbot delivered via fake eFax messages
An email with the subject of eFax pretending to come from eFax but actually coming from a look-a-like domain eFax <noreply@faxdocuments120.ml> with a malicious word doc attachment is today’s latest spoof of a well known company, messaging service, bank or public authority delivering Trickbot banking Trojan They are using email addresses and subjects … Continue reading → Continue reading fake eFax delivers trickbot banking trojan
The 2nd in today’s Trickbot malspams is an email with the subject of eFax message from “8473365403” – 1 page(s), Caller-ID: 44-020-3136-4931 pretending to come from eFax but actually coming from a look-a-like domain <message@efax-download.com> with a malicious word doc attachment is today’s latest spoof of a well known company, bank … Continue reading → Continue reading eFax message from “8473365403” – 1 page(s), Caller-ID: 44-020-3136-4931 malspam delivers Trickbot banking Trojan
An email with the subject of eFax message from “0300 200 3835” – 2 page(s) pretending to come from efax but actually coming from a look alike domain eFax <message@mail.efaxcorporate254.top> with a malicious word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering Sharik /Smoke … Continue reading → Continue reading fake eFax message from “0300 200 3835” – 2 page(s) malspam delivers smoke /sharik /dofoil and Trickbot