TrickBot is a banking Trojan that targets sensitive information and acts as a dropper for other malware. TrickBot is usually spread via malspam campaigns. These campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment. The TrickBot banking Trojan, one of the most persistent threats on the current landscape, has been found targeting users in the UK with geofenced malicious spam. The spam email looks like this:
When a victim downloads the attachment, the document asks the user to enable macros. Once the user clicks to enable them, the payload is downloaded.