Advintel cybersecurity experts: Malware operators now target exposed RDP connections to gain an initial foothold and exploit CVE-2018-8453 and CVE-2019-1069.
Technical analysis by the malware hunter JAMESWT
A fake Pfizer invoice is spreading a global Trickbot campaign that has also reached Italy. The .xlsb mail attachment contacts a URL and downloads the malware from an open directory (opendir), which also hosts Ursnif/Gozi and is constantly updated.
Pfizer's Fake Payment Request Carries a Global Trickbot Campaign.
The .xlsb mail attachment, if opened, contacts a URL and downloads the malware from an open directory that also contains Ursnif/Gozi.
That directory, however, is constantly updated, so it could later serve one or more different payloads. The banking trojan was originally built only to steal codes and credentials. Over time, however, it has evolved into a modular botnet that, among other things, can download additional payloads onto the infected machine.