TrickBot Malware Uses Fake Sexual Harassment Complaints as Bait (Nov 11, 2019)
In a new spearphishing campaign, threat actors are using fake sexual harassment claims to spread the “TrickBot” banking trojan to employees of large, undisclosed companies. The actors behind the campaign are posing as officials from the U.S. Equal Employment Opportunity Commission, customizing the phishing email using the target’s employer information, names, phone numbers, and titles to appear more legitimate. The email contains a malicious document that will infect the victim’s computer with the TrickBot payload. TrickBot has been used to harvest and exfiltrate sensitive banking information from its victims, and has evolved into
Recommendation: The impersonation of government agencies continues to be an effective spearphishing tactic. All users should be informed of the threat spearphishing poses and of how to use email safely. With the potential risk of ransomware, implementation of a backup solution for your users can ease the pain of losing sensitive and important data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.