Monday, February 22, 08:21
Home security Distribute Trickbot through a phishing campaign for Black Lives Matter

Distribute Trickbot through a phishing campaign for Black Lives Matter

Black Lives Matte

These days it takes place one by one Phishing campaign who sends emails to victims and asks to vote anonymously for "Black Lives Matter". The purpose of phishing emails is to distribute them TrickBot malware.

TrickBot started out as a bank Trojan, but has now evolved a lot and is used in various ways businesses For the purpose of information theft.

Malware can spread on the network of the victim and steal stored credentials, Active Directory databases, cookies, keys OpenSSH, RDP, VNC, PuTTY credentials and more.

TrickBot is used frequently in combination with other malware and especially with ransomware. It is used in the first phase, to give access in a breached network for the development of ransomware.

Exploitation of the "Black Lives Matter" movement for phishing and distribution of TrickBot

A common tactic of hackers is use of current events as bait to deceive people and make them open phishing emails.

This tactic is followed by this phishing campaign, which was discovered by the security company The phishing emails say that they come from the "Administration of the country" and ask the recipients to "Vote anonymously for the Black Lives Matter".

The following email says: "Leave a review, confidentially, for Black Lives Matter", and then ask recipients to fill out an attachment with the name “E-vote_form_3438.doc” and send it back.


When the victims open the Word document, they will see a message that says they should click on “Activate editing" and "Content activation", To see the contents correctly.


If they click on the above, the Word document will run macros, which will download one malicious DLL at computer.

This DLL is the TrickBot trojan which, when executed, will begin to steal archives, passwords, keys security etc. It will also spread throughout network and may allow other criminals to install ransomware.

TrickBot is very dangerous. Therefore, we must all be extremely careful with the emails we receive, especially the ones we have political or social motives, as it may be malware.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...