Analysis by: Jat Lucas Sauler

We have observed a new spam wave delivering Trickbot. This campaign uses spam mail with a malicious attachment disguised as a Microsoft Excel file. The message contains a fake payment notification claiming to be from well-known banks or financial entities. When the .XLS attachment is opened, it asks the user to enable macros. Once macros are enabled, the document executes a PowerShell command that accesses a malicious link and downloads the Trickbot malware.

Trend Micro detects the malicious attachment as Trojan.X97M.POWLOAD.NSFGAIBR. Trend Micro email products easily prevent spam messages from reaching your inbox. While products with anti-spam features help, users are still advised to ignore emails that are from unknown sources.

 SPAM BLOCKING DATE / TIME: 21 November 2018 GMT-8
 TMASE
  • TMASE Engine: 8.0
  • TMASE Pattern: 4238