According to recent reports, a phishing attack was discovered that distributed malware to users’ computers. Hackers imitated the big food chain Subway by phishing. Hackers deceived users with an order confirmation email that appeared to be from Subway and distributed TrickBot malware to hundreds of people’s computers. Let’s take a look at the details about the Subway phishing attack spreading malware.
Subway Phishing Spreading Malware: What is TrickBot?
One of the most preferred attack methods in phishing attacks is to infect users’ devices with malware. TrickBots are used exactly this way. As soon as these bots infiltrate the user’s device, they capture the files or systems targeted by the phishing attack. Such bots, which are considered in the Trojan category, are installed through malware.
The bot’s tasks include many malicious tasks such as stealing users ‘personal or sensitive information, usernames and passwords, infiltrating companies’ databases, and seizing cookies on sites. Also, hackers use these bots for ransomware. It can access vulnerable networks by working with Ryuk and similar ransomware tools.
Subway Phishing Spreading Malware Affected Thousands!
Researchers strongly warn UK citizens of phishing. Thousands of people are at risk as the phishing attack targets users’ personal and sensitive information with phishing emails. Hackers seem to gain access to the names and e-mail addresses of Subway customers as a result of a phishing attack. This paves the way for larger attacks.
Subway company also confirmed this. They also reported that there was an interruption in their systems. They explained that they are currently investigating the issue, that they will notify customers when they have access to important information about the phishing attack, and that they have advised customers to delete their e-mail accounts until that date.
Subway Phishing Spreading Malware: Phishing Emails
In the cyberattack, phishing e-mails mostly use the subjects such as “Your order is being processed” and “We have received your order”. The email sender was subcard@UK-IE.subwaysubcard.eu address. Also, in emails, hackers asked users to click the link to confirm their order. This is a demand that we don’t usually encounter with online orders.
Clicking on the link opens a fake phishing site called ‘FreshBooks’. When you click any link on this page, an Excel file is downloaded to your computer. Victims of the cyberattack say that some of the Excel spreadsheets were protected by passwords. After entering the password, a phishing attachment titled DocuSign appears. The attachment states that there is a problem viewing the document and states what the user should do to view the document. For this, users have to click on the “Enable Editing” and “Enable Content”.
When the user clicks on these links, it activated the malicious macros and infected users’ computers with the latest version of the malware named TrickBot. The malware settles as a legitimate Windows file that runs directly from memory as a DLL. The software runs on the Wermgr.exe extension in this file, so it can perform its task without getting stuck in security programs.
Users who fall victim to the Subway phishing attack need to thoroughly scan their computers with antivirus programs and remove anything that looks harmful.
Here are Methods to Avoid Attacks Like Subway Phishing Spreading Malware:
1. Make sure your email protection systems are working properly.
Phishing emails can now bypass email protection systems. That’s why it’s so important that you regularly test your email protection tools. Using the Email Gap Analysis tools, you can test your email services with various attack vectors and detect damaged spots. Click for more information.
2. Check if your personal information is available over the internet.
Today, anyone can fall victim to phishing attacks, but detecting the damage of these cyberattacks is as important as cybersecurity training. If you think you have fallen victim to a cyberattack, you can find out if there is information about you on the internet with Threat Intelligence tools. The Threat Intelligence tool collects and analyzes information about potential risks that could threaten your security and pose a risk. It tells you about the results. Click for more information.
“This post is originally published at www.phishing.org.uk”