Trickbot Banking Trojan has resurfaced and is being distributed through phishing emails, which are largely targeted towards North American recipients, containing a malicious Excel spreadsheet. Unusually, the subject line and content of the body refer to ACH failures due to erroneous hash totals. Macros need to be enabled for the excel spreadsheet to be able to infect the potential victim. If macros are enabled, a PowerShell script is executed to download the payload and begins the infection process which will result in the Trickbot banking Trojan being installed.
Loss of sensitive information
server-side injections and redirection attacks
Indicators of Compromise
IP(s) / Hostname(s)