"Fake Labor Department Emails Designed to Spread TrickBot"

Researchers from IBM X-Force found that adversaries are sending fake emails designed to look like notifications from the Labor Department concerning changes to the Family and Medical Leave act, in an attempt to spread TrickBot malware.  The messages contain official-looking logos and images from the Labor Department, and also borrow wording contained in the department's FAQ and "Contact Us" sites.  The messages contain two PNG image files, and also a file that appears to be a Docusign document called: "Family and Medical Leave of Act 22.04.doc".  Victims who open the email are enticed to open the document because it is portrayed as containing more information about changes to the Family and Medical Leave Act.  To read the document, the victim is asked to enable macros. Once the user enables macros, malware is installed onto the device. The malware then calls a command-and-control server, which attempts to install TrickBot.  

Bank Info Security reports: "Fake Labor Department Emails Designed to Spread TrickBot"

 

Submitted by Anonymous on