Hackers Spoof Post Office Notices To Spread Notorious Trickbot Malware


Keep an eye on your email for messages from the U.S. Postal Service claiming that you’ve missed an important delivery. Cybercriminals are abusing the public’s trust in the USPS to trick victims into installing the resurgent Trickbot malware.

Researchers at Cofense have been tracking a new Trickbot phishing campaign which began earlier this month. The “lure” the attackers are using is one that most of us have encountered during the pandemic: a missed parcel delivery.

The messages claim that no one was available to provide a signature and that the recipient will have to reschedule the delivery. The criminals “helpfully” note that you can simply print out the linked shipping invoice and present it at a nearby post office to set up a new time.

It’s easy enough to see why someone would hurriedly click the button to view the purported invoice. No one wants to miss a delivery, and it can be incredibly frustrating when you do miss one.

There have been enough delays to deal with over the past couple of years. Having to endure yet another one because of a bit of bad timing is just the sort of thing that might make people click first and ask questions later.

Those who do click through to see what this “invoice” is all about are pushed to a .ZIP file that hides a booby-trapped Excel workbook. When it’s opened, a large on-screen message attempts to coax users into turning off Excel’s built-in defenses via the yellow Protected View bar.

If the instructions are followed, a script is triggered that tells the victim’s computer to download the real malicious payload and Trickbot infects the system.

Trickbot has been circulating since 2016. It started out as a banking Trojan, but has since evolved into fully modular malware that can provide remote access to infected systems, steal Active Directory credentials from enterprise environments and distribute ransomware.

Throughout the first year of the pandemic, Trickbot’s controllers used COVID-19 lures to phish for victims. Then, late in 2020, a collaborative effort involving Microsoft’s Digital Crimes Unit, numerous law enforcement agencies, security and hosting providers struck a major blow against Trickbot.

120 of its 128 servers were taken offline. It was known at the time that keeping Trickbot suppressed would require an ongoing effort. Whether this new campaign is a last gasp or the start of its resurgence remains to be seen.
