silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,129
Read more below:The Google Docs online word processor is being used by attackers to disseminate TrickBot banking Trojan payloads to unsuspecting victims via executables camouflaged as PDF documents.
The phishing messages delivered via this malspam campaign use legitimate messages generated by sharing a Google Docs document with the targets, containing a fake 404 error message and a link to the malicious payloads.
By using legitimate Google Docs document sharing emails and landing pages, the attackers successfully bypassed a secure email gateway designed to monitor emails and block such attacks in their tracks as Cofense's research team discovered.
To redirect the targets to the Google Docs landing page, the attackers have added an "Open in Docs" button within the phishing email. Once on the landing page, the targets see the fake 404 error and are asked to download the document manually.
.jpg "Phishing email sample")
Phishing email sample
TrickBot Bypasses Secure Email Gateway Using Google Docs Phishing
The Google Docs online word processor is being used by attackers to disseminate TrickBot banking Trojan payloads to unsuspecting victims via executables camouflaged as PDF documents.
Trickbot Is Using Google Docs to Trick Proofpoint’s Gateway - Cofense
TrickBot using Google Docs to trick Proofpoint's gateway - Learn how TrickBot is using Google Docs to bypass email security gateways.
cofense.com
