In October of last year, Microsoft used a court order to disrupt the prolific ransomware distributor Trickbot. The botnet survived and now threat researchers are monitoring a new Trickbot campaign. The new phishing attack sends an email link that redirects victims to a compromised server, taking them to a webpage claiming they have been found guilty of a traffic violation. Included is a download button where victims can see photos of the alleged incident. Upon clicking the download button, a zip file containing a malicious JavaScript file is downloaded, and if the JavaScript file is double-clicked, it will run using the built-in Windows scripting host and Trickbot malware is loaded by downloading a binary executable.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security