Microsoft warns of "prolific" Trickbot malware exploiting COVID-19 crisis

Hackers are sending out hundreds of emails offering free advice and testing

Microsoft has warned that cyber criminals are taking advantage of the ongoing coronavirus crisis to trick users into downloading malware onto their devices.

In a statement on Twitter, Microsoft Security Intelligence said that hackers are posing as the “Usa Volunteer Organization” and the “Usa Humanitarian Group” and are sending out hundreds of emails offering free COVID-19 medical advice and testing.

Each email aims to install the Trickbot malware using “unique macro-laced” document attachments.

“Like in recent Trickbot campaigns, if allowed to run, the macro uses CHOICE.EXE to wait 20 seconds before downloading the info-stealing payload,” explained Microsoft’s Security Intelligence team. “Trickbot campaigns are known to delay malicious activities to evade emulation or sandbox analysis.”
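
The delay described above leaves a trace in process-creation logs. As an added example (not from Microsoft or the original article), this Python detection logic flags choice.exe launched with a /T timeout beneath an Office process; the event fields, sample events, Office host list and 10-second threshold are assumptions.

```python
import re
from pathlib import PureWindowsPath

OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe"}  # assumed macro hosts
MIN_DELAY_SECONDS = 10  # assumed threshold; tune per environment
TIMEOUT_RE = re.compile(r"(?i)/t\s+(\d+)")  # choice.exe /T <seconds> switch

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Office\WINWORD.EXE", "cmdline": "WINWORD.EXE /n advice.doc"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c choice /t 20 /d y"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\choice.exe", "cmdline": "choice /t 20 /d y"},
    {"pid": 400, "ppid": 4, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c backup.bat"},
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\System32\choice.exe", "cmdline": "choice /t 30 /d n"},
    {"pid": 600, "ppid": 4, "image": r"C:\Office\EXCEL.EXE", "cmdline": "EXCEL.EXE report.xlsm"},
    {"pid": 700, "ppid": 600, "image": r"C:\Windows\System32\choice.exe", "cmdline": "choice /c yn /m Continue"},
]

def basename(image):
    return PureWindowsPath(image).name.lower()

def choice_delay(cmdline):
    """Return the /T timeout in seconds, or None when no timeout is set."""
    match = TIMEOUT_RE.search(cmdline)
    return int(match.group(1)) if match else None

def office_ancestor(event, by_pid):
    """Walk parent links; return the first Office ancestor's image name, or None."""
    seen, ppid = set(), event["ppid"]
    while ppid in by_pid and ppid not in seen:  # 'seen' guards against PID loops
        seen.add(ppid)
        parent = by_pid[ppid]
        if basename(parent["image"]) in OFFICE_HOSTS:
            return basename(parent["image"])
        ppid = parent["ppid"]
    return None

def find_delayed_choice(events):
    """Flag choice.exe runs with a long /T timeout that descend from Office."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["image"]) != "choice.exe":
            continue
        delay, origin = choice_delay(e["cmdline"]), office_ancestor(e, by_pid)
        if origin and delay is not None and delay >= MIN_DELAY_SECONDS:
            hits.append((e["pid"], origin, delay))
    return hits

if __name__ == "__main__":
    for pid, origin, delay in find_delayed_choice(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: choice.exe waits {delay}s under {origin}")
```

On real telemetry, key the parent lookup on a unique process identifier such as Sysmon's ProcessGuid rather than the PID, since PIDs are reused.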

The company also warned that new phishing campaigns are using the theme of remote working in an attempt to encourage victims to share personal data, such as bank details, over the phone.

“To further avoid raising a flag, phishers don’t put malicious URLs in emails. Instead, they leverage legitimate web services or use attachments that contain the link to the phishing site. In this example, phishers left the email body empty; message & link are in the attached PDF,” Microsoft explained over Twitter.

According to Microsoft 365 Security corporate VP Rob Lefferts, “the trendy and pervasive Trickbot and Emotet malware families are very active and rebranding their lures to take advantage of the outbreak”. 

“We have observed 76 threat variants to date globally using COVID-19 themed lures,” he wrote in a blog post.

Last year, the TrickBot trojan was named the most dangerous threat to healthcare, and it seems to be holding onto that title during the ongoing coronavirus pandemic.

Microsoft’s warning comes weeks after US and UK cybersecurity officials issued a joint warning that hackers, some of them potentially state-backed, are using the disruption caused by the coronavirus pandemic to exploit businesses and the wider public.

Google has also issued a warning to users working from home during the lockdown about a rise in the number of coronavirus-based phishing attacks, many of which are being sent as emails. 
