/plushcap/analysis/cloudflare/trickbot-spear-phishing-drops-malware

Phishing campaign threatens job security, drops Bazar and Buer Malware

What's this blog post about?

A spear-phishing campaign is threatening targets with false claims of employment termination due to economic impacts from the global pandemic. The goal of the attacker is to intimidate employees into clicking on a link that will ultimately lead to Bazar or Buer malware infections by way of Trickbot. This campaign employs a number of lures that threaten job security to coerce targets into clicking on the provided URL. The phishing messages are very simple and appear to originate from persons of authority within the targeted company, focusing on either employment termination or customer complaints. The use of common cloud-based hosting services allows the attacker to circumvent URL scanning techniques, as well as enables them to easily create new malicious links in the event that their URLs are identified as phishing pages.

Company
Cloudflare

Date published
Nov. 9, 2020

Author(s)
Elaine Dzuba

Word count
1981

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.