The sandwich shop Subway UK revealed that a compromised system used for marketing campaigns is responsible for phishing emails received by its customers over the weekend. Specifically, Subway UK customers received strange emails from Subcard regarding a Subway order that had been placed. The emails included links to documents that were supposed to be order confirmations. After security experts analyzed the phishing emails, they discovered that they were distributing malicious Excel documents that install the latest version of the TrickBot malware on the computers of unsuspecting victims.
TrickBot is a dangerous piece of malware that allows attackers to steal passwords stored in a browser, spread across a network, steal browser cookies and RDP, VNC and PuTTY credentials, and much more. Worst of all, however, TrickBot can provide access to Ryuk / Conti ransomware, which can cause even greater, or even irreparable, damage to its victims.
The suspicion that Subway UK had been breached stemmed from the fact that the emails contained the customer's name and used email addresses that some users had created specifically for Subway.
In addition, Subway spoke to BleepingComputer to shut down its email system. After sending many emails about the "disruption" observed in its system, it revealed that a server responsible for its email campaigns had been compromised and was sending phishing emails.
A Subway spokesman said: "Having investigated the matter, we have no evidence that customer accounts have been breached. However, the system that manages our email campaigns has been compromised, leading to a phishing campaign that included the name and email. The system, however, does not have credit card details. The crisis protocol was launched and the compromised systems were locked. The security of our customers and their personal data is our top priority and we apologize for any inconvenience this incident may have caused."
Subway UK also began sending emails to affected customers, stating that their first and last names had been exposed as part of the attack.
Therefore, if you received this email and accidentally opened the malicious Excel document, you can check for the current version of TrickBot by opening Task Manager and looking for a process named "Reporting problems of Windows". If this process is found, click the "Termination of work" button to terminate it. Next, perform a thorough scan of your computer using antivirus software and clean up any malware on your device.