In the last 24 hours, SophosLabs has uncovered a new email spam attack targeting Italians with a document containing a macro loaded with Trickbot malware. The email takes advantage of COVID-19 fears by offering up a clickable document that allegedly includes a list of precautions to take to prevent infection. Unfortunately, the document is weaponized.
“The cybercriminals behind Trickbot are likely skilled attackers who leverage the concern of the day to scare people into clicking. While this is in Italy now, we would expect a similar attack in other countries where fears of COVID-19 outbreaks are high. The best approach to avoid this type of cyberattack is to turn off macros, be extra cautious about what you click, and delete email that is suspicious or from an unexpected source,” said Chester Wisniewski, principal research scientist, Sophos. “Whenever there is a topic of public interest like COVID-19 or the Australian bush fires, we see cybercriminals try to manipulate our concern into an opportunity. We must stay vigilant and be distrustful of incoming communications during times of crisis and only obtain advice from our public health authorities.”