Port 22

Latest Trickbot Campaign Delivered via Highly Obfuscated JS File

We have been tracking Trickbot banking trojan activity and recently discovered a variant of the malware (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCDC) distributed through spam emails that contain a Microsoft Word document with an enabled macro. Once the document is clicked, it drops a heavily obfuscated JavaScript (JS) file that downloads Trickbot as its payload. The malware also checks the number of running processes on the affected machine; if it detects that it is in an environment with limited processes, it will not proceed with its routine, as it assumes that it is running in a virtual environment.
