Trickbot via fake Efax message using Squiblydoo, Active X, macro and abusing pastebin

We are seeing massive changes with the Trickbot delivery campaign overnight. I have only seen 1 mention on  Twitter about this campaign and 1 on a private malware research mailing list, so it can’t be affecting too many recipients. This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering Trickbot banking Trojan. The email with the subject of “You have a new eFax message! ” pretends to come from Efax but actually comes from “[email protected]” which is a look-a-like,  typo-squatted or other domain that can easily be misidentified, mistaken or confused with the … Continue reading →

Article Link: https://myonlinesecurity.co.uk/trickbot-via-fake-efax-message-using-squiblydoo-active-x-macro-and-abusing-pastebin/