Threat actor successfully accessed subway UK customers' confidential information such as names and email addresses by hacking a subcard server. This campaign has come to light when BleepingComputer observed a massive phishing campaign targeting U.K. citizens, pretending to be order confirmation from subway UK.
According to the researchers, threat actor was distributing malicious Excel documents to the users that would install the updated version of the TrickBot malware into the system. As per the analysis, the downloaded TrickBot malware is a DLL that will be inserted into legitimate Windows Problem Reporting executable directly (wermgr.exe) from memory to avoid being caught by security software and would appear like an authentic task running in the task manager.
What is TrickBot?
Trickbot is a computer malware-trojan, which targets Microsoft Windows or other operating systems to get sensitive information and acts as a dropper for other malware. Mainly, the malware is configured to send direct links to users by emails to download malware from malicious websites and trick the users into opening malware through an attachment.
It is about yesterday when Subway UK customers were receiving bogus emails from 'Subcard' of Subway about customers placed orders. The emails that were sent to the users comprised of certain links of documents that appeared to be a confirmation of the order.
In a recent development, it has been observed that TrickBot malware expanded its arsenal by adding TrickBoot.
In November, operators of TrickBot had add ..
Support the originator by clicking the read the rest link below.
