Forcepoint Security Labs have encountered an ongoing Trickbot campaign that appears to target crypto-currencies. Trickbot is a banking Trojan that is traditionally known to target financial institutions. Recently, we have observed Trickbot targeting Paypal and expanding its list of target institutions to include those from Nordic countries.
Today’s campaign uses Canadian Imperial Bank of Commerce (CIBC) as a social engineering lure. Below is a screenshot of the email:
The attached document is disguised as a CIBC document. It contains a macro downloader that ultimately downloads and executes a Trickbot variant.... Read more