TrickBot Attack Exploits COVID-19


Hackers are using people's interest in the Department of Labor's Family and Medical Leave Act to spread the TrickBot trojan in a new spam campaign that security researchers discovered recently. Recent analysis from spam sites set up by IBM X-Force found that hackers are targeting email recipients with fake messages about employees' right to family-leave medical benefits. The emails include malicious attachments aimed at installing the TrickBot malware.

TrickBot is a sophisticated banking Trojan, first found in 2016, that can transform itself and add new features to evade detection. It has developed over the years into a module-based malware solution aimed at attacking corporations. The latest campaign seems to change the target audience.


A device infected with the TrickBot Trojan becomes part of a botnet that can give hackers complete control over it. Typical outcomes of TrickBot infections are bank account takeover, wire fraud, and ransomware attacks targeting organizational networks. The groups behind the latest campaign are taking advantage of the COVID-19 pandemic and the resulting economic crisis, when many people are seeking financial support through federal government programs.

Researchers observed emails that contained a Microsoft Office Themes File called US-DoL.eml. The file contained an attachment, Medical Leave of Act 22.04.doc, which contains the malicious code. Once opened, the document prompts the user to enable macros, which launch malicious scripts. The macro creates a local directory, C:\Test, and a batch file, terop.bat. It then executes the file using other files.
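
The behaviour described above can be hunted for in endpoint telemetry. The following is an added example, not code from IBM X-Force or from this article: it flags an Office process writing a script file and raises severity for the C:\Test\terop.bat path named here. The event field names and sample events are constructed, and the rule for Office spawning a script host is an assumption, since the article does not say how the batch file is launched.

```python
import ntpath

# Indicators named in the article; everything else below is constructed.
PAGE_DIR = r"c:\test"
PAGE_BATCH = "terop.bat"
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".ps1"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

def _norm(path):
    """Lower-case and normalise a Windows path so comparisons are stable."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def _base(path):
    return ntpath.basename(_norm(path))

def detect(events):
    """Return (severity, reason, event) for each suspicious event."""
    findings = []
    for ev in events:
        if ev["type"] == "file_create" and _base(ev["image"]) in OFFICE:
            target = _norm(ev["target"])
            if ntpath.splitext(target)[1] in SCRIPT_EXT:
                exact = (ntpath.dirname(target) == PAGE_DIR
                         and ntpath.basename(target) == PAGE_BATCH)
                findings.append(("high" if exact else "medium",
                                 "Office process wrote a script file", ev))
        elif ev["type"] == "process_create" and _base(ev["parent"]) in OFFICE:
            # Assumption: the batch file is started through a script host.
            if _base(ev["image"]) in SHELLS:
                exact = PAGE_BATCH in ev["cmdline"].lower()
                findings.append(("high" if exact else "medium",
                                 "Office process spawned a script host", ev))
    return findings

# Constructed, simplified events (field names are hypothetical, not a real schema).
SAMPLE_EVENTS = [
    {"type": "file_create", "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "target": r"C:\Test\terop.bat"},
    {"type": "process_create", "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r"cmd /c C:\Test\terop.bat"},
    {"type": "file_create", "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "target": r"C:\Users\a\Documents\report.docx"},
    {"type": "process_create", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
]

if __name__ == "__main__":
    for sev, reason, ev in detect(SAMPLE_EVENTS):
        print(sev, reason, ev.get("target") or ev.get("cmdline"))
```

The generic "medium" findings matter more than the exact path match, because directory and file names like these change between campaigns.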