
Cybercrime, fake Pfizer invoice carries a global Trickbot campaign

Technical analysis by the malware hunter JAMESWT

A fake Pfizer invoice is spreading a global Trickbot campaign that is also active in Italy. The XLSB mail attachment contacts a URL and downloads the malware from an opendir, which also contains Ursnif / Gozi and is constantly updated.

Pfizer’s False Payment Request Carries a Global Trickbot Campaign.

The XLSB mail attachment, if opened, contacts a URL and downloads the malware from an opendir that also contains Ursnif / Gozi.

The opendir, however, is constantly updated, so the attachment could subsequently download one or more different payloads. The cybercrime banking trojan was originally created only to steal codes and credentials. Over time, however, it has evolved into a modular botnet that allows, among other things, other payloads to be downloaded to the infected computer.
