Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers.
Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers.
Subway UK customers received emails from ‘Subcard’ about the processing of an alleged Subway order. The malicious emails were including a link to a weaponized Excel document containing confirmation of the order.
An advantage having my own website is that I can make as many email addresses as I wish. I do this when I'm asked to register at a site, so I can see who sells my information on to spammers/scammersThanks @SUBWAY! The only place I ever used this email address was on your website pic.twitter.com/epdqaMDsqI
— Steve Worswick – Kuki's Developer (@KukiChatbotDev) December 11, 2020
The Excel documents would install the latest version of the TrickBot malware that was recently discovered by Advanced Intel’s Vitali Kremez.
Experts from Bleeping Computer reported the suspicious messages to the Subway UK that confirmed a security incident
“We are aware of some disruption to our email systems and understand some of our guests have received an unauthorised email. We are currently investigating the matter and apologise for any inconvenience.” a Subway spokesperson hacked subway marketing system trickbot phishing campaign
