Collaborate Disseminate
An email with the subject of Invoice notification with id number: 40533 pretending to come from random senders with a link in the email to a malicious word doc delivers some sort of malware. I am not sure what these are but am guessing at possibly Emotet banking Trojan They are using … Continue reading → Continue reading Invoice notification with id number: 40533 delivers malware
An email with the subject of Account secure documents pretending to come from HSBC but actually coming from a look alike domain <noreply@hsbcdocs.co.uk> with a malicious word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering Trickbot banking Trojan They are using email addresses and … Continue reading → Continue reading Spoofed HSBC Account secure documents malspam delivers trickbot
Trickbot are being very busy today. This is the 4th version, which is very different to the previous 3. At least I think it is Trickbot. The email delivery & registration matches recent Trickbot actors, but the actual malware delivery is very different An email with the subject of IMPORTANT … Continue reading → Continue reading Spoofed Royal Bank of Scotland IMPORTANT : Advice of Service Charge malspam delivers trickbot
Continuing with the latest series of emails with pdf attachments that drops a malicious macro enabled word doc that delivers Trickbot banking Trojan So far today we have seen 3 different campaigns and subjects all eventually leading to the same Trickbot payload The 1st spoofing true-telecom.com 2nd spoofing Apple 3rd Spoofing … Continue reading → Continue reading multiple campaigns delivering Trickbot banking Trojan
An email with the subject of UK Fuels Collection pretending to come from invoices@ebillinvoice.com with a malicious word doc attachment delivers some sort of malware. I am not sure what these are. They might be Jaff ransomware or might be Dridex banking Trojan or Trickbot banking Trojan. The last time I saw … Continue reading → Continue reading Spoofed UK Fuels Collection malspam delivers malware, possibly Trickbot
An email with the subject of Secure email message pretending to come from Sage Invoice but actually coming from a look-a-like domain <noreply@sage-invoice.com> with a malicious word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering Trickbot banking Trojan They are using email … Continue reading → Continue reading Spoofed Sage outdated invoice malspam delivers trickbot
The second of today’s Trickbot malspam campaigns is an email with the subject of New NatWest Bank Message pretending to come from NatWest Bank service but actually coming from a look-a-like domain <incoming@natwestonline270.ml> with a malicious word doc attachment is today’s latest spoof of a well known company, bank or … Continue reading → Continue reading Spoofed New NatWest Bank Message delivers Trickbot banking Trojan
An email with the subject of Confidential Documents pretending to come from Lloyds Bank but actually coming from a look-a-like domain <noreply@lloydsconfidential.com> with a malicious word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering Trickbot banking Trojan They are using email addresses and … Continue reading → Continue reading Spoofed Lloyds Bank Confidential Documents malspam delivers Trickbot banking Trojan
An email with the subject of You have received a secure document via DocuSign pretending to come from HMRC via Docusign but actually coming from a look alike domain <noreply@docusign.delivery> with a malicious word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering … Continue reading → Continue reading Fake HMRC via a Spoofed Docusign domain You have received a secure document via DocuSign malspam delivers trickbot
An email with the subject of Secure Communication pretending to come from HM Revenue & Customs but actually coming from a look alike domain < Secure.Communication@hrmccommunication.co.uk > with a malicious word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering Trickbot banking Trojan They are … Continue reading → Continue reading Yet another Spoofed HM Revenue & Customs Secure Communication malspam delivering Trickbot banking trojan