Rewterz Threat Alert – Spear Phishing Campaign Delivering HawkEye Infostealer
April 20, 2020
Severity
Medium
Analysis Summary
TrickBot is, at the moment, the malware appearing in the highest number of unique COVID-19 related malicious emails and attachments delivered to potential victims. Thousands of COVID-19 phishing emails have been sent to users, posing as a message from a non-profit that offers free COVID-19 testing.
TrickBot was recently spotted using a malicious Android app to bypass the two-factor authentication (2FA) protection used by various banks after stealing transaction authentication numbers. It was also deployed in a spam campaign that impersonated a doctor at the World Health Organization (WHO), exploiting the public’s fears surrounding the coronavirus pandemic to target users.
Regular Malware Update
TrickBot was initially developed as modular banking malware and has been continuously upgraded by its authors with new modules and capabilities since October 2016, when it was first spotted in the wild. Although it was at first used only for harvesting and exfiltrating sensitive data, TrickBot has since evolved into a popular malware dropper that further compromises infected systems by delivering other, usually far more dangerous, malware payloads.
Impact
- Credential theft
- Exposure of sensitive data
- Financial loss
Indicators of Compromise
Email Subject
Free Codiv -19 Testing
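As an added example (not part of the Rewterz alert), the following Python script checks raw mail headers against the subject indicator above, the kind of check a mail gateway or SIEM rule would implement to block the indicator. It decodes RFC 2047 encoded-word subjects and normalises case, whitespace and hyphen spacing before comparing, because a subject indicator matched only as a literal string is easily missed. The sender addresses and message bodies are constructed placeholders, not indicators; the subject strings are the alert's indicator and variants of it.

```python
"""Added example: match the email-subject indicator from this alert against
raw mail headers, decoding RFC 2047 encoded words before comparing."""
import base64
import email
import re
from email.header import decode_header, make_header

# Subject indicator as published in the alert (kept verbatim, including the
# "Codiv -19" spelling; a sender correcting the typo would change the indicator).
SUBJECT_IOCS = ["Free Codiv -19 Testing"]


def normalize_subject(raw_subject):
    """Decode encoded words (=?charset?B?...?=), lower-case, collapse
    whitespace and remove spaces around hyphens so that 'Codiv -19',
    'Codiv-19' and 'codiv - 19' all compare equal."""
    decoded = str(make_header(decode_header(raw_subject or "")))
    decoded = decoded.lower()
    decoded = re.sub(r"\s*-\s*", "-", decoded)
    return re.sub(r"\s+", " ", decoded).strip()


# normalised form -> indicator as published, so hits report the original string
NORMALIZED_IOCS = {normalize_subject(s): s for s in SUBJECT_IOCS}


def match_subject(raw_message):
    """Return the matching indicator string, or None, for one raw RFC 5322
    message. The default (compat32) policy leaves the Subject header
    undecoded, so the decoding in normalize_subject is what handles it."""
    msg = email.message_from_string(raw_message)
    return NORMALIZED_IOCS.get(normalize_subject(msg.get("Subject", "")))


def scan_mailbox(raw_messages):
    """Return [(index, sender, indicator)] for every message whose subject
    matches an indicator."""
    hits = []
    for i, raw in enumerate(raw_messages):
        ioc = match_subject(raw)
        if ioc:
            sender = email.message_from_string(raw).get("From", "")
            hits.append((i, sender, ioc))
    return hits


# Constructed sample messages. Sender addresses are placeholders (.invalid TLD),
# not indicators. The second subject is the indicator as a base64 encoded word,
# i.e. =?UTF-8?B?RnJlZSBDb2RpdiAtMTkgVGVzdGluZw==?=
ENCODED_SUBJECT = (
    "=?UTF-8?B?" + base64.b64encode(b"Free Codiv -19 Testing").decode() + "?="
)

SAMPLE_MESSAGES = [
    "From: help@example-charity.invalid\nSubject: Free Codiv -19 Testing\n\nbody\n",
    "From: help@example-charity.invalid\nSubject: " + ENCODED_SUBJECT + "\n\nbody\n",
    "From: alerts@example-it.invalid\nSubject: FREE   CODIV-19 TESTING\n\nbody\n",
    # Legitimate-looking subject with the correct spelling: does not match.
    "From: hr@example-corp.invalid\nSubject: Free COVID-19 Testing\n\nbody\n",
]

if __name__ == "__main__":
    for idx, sender, ioc in scan_mailbox(SAMPLE_MESSAGES):
        print(f"message {idx} from {sender}: subject matches indicator {ioc!r}")
```

The normalisation deliberately stops short of correcting the misspelling: "Free COVID-19 Testing" is not matched, because the typo is part of what makes this subject line an indicator. Widening the rule to the correctly spelled subject would be a separate decision about false-positive tolerance.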
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.