The cybersecurity researcher Will Bushido discovered a cyber espionage campaign aimed at stealing credentials from at least 15 companies worldwide.
Technical analysis by the malware hunter JAMESWT
A fake Pfizer invoice is spreading a global Trickbot campaign that also reaches Italy. The xlsb mail attachment contacts a URL and downloads the malware from an opendir, which also contains Ursnif / Gozi and is constantly updated.
Pfizer’s False Payment Request Carries a Global Trickbot Campaign.
The xlsb mail attachment, if opened, contacts a URL and downloads the malware from an opendir that also contains Ursnif / Gozi.
The opendir, however, is constantly updated, so the attachment could subsequently download one or more different payloads. The banking trojan was originally created only to steal codes and credentials. Over time, however, it has evolved into a modular botnet that, among other things, can download other payloads to the infected computer.