New Phishing-Based TrickBot Campaign Identified

This week, PhishLabs analysts have detected a new TrickBot campaign that began at approximately 23:30 EST on July 17th, and continued through the evening of July 18th before ending later that night. Thousands of lures were detected, the bulk of which were sent between 12:30 - 15:30 EST on July 18th. But let’s back up a little. In case you missed it first time around, TrickBot is a prominent example of a type of malware known as a Trojan.  Like the Trojan from which it was developed, Dyre, Trickbot is configured to steal banking credentials.  Once a victim's machine is infected, Trickbot sends bank information to criminals through a complex series of events initiated by one click. Once initiated, TrickBot resides in the background, operating as unobtrusively as possible. As a result, many victims are unaware their machine has been infected.
Read more

Third DocuSign Phishing Campaign Identified Linked to Email Database Breach

Since May 9, PhishLabs has tracked multiple phishing campaigns that uses DocuSign branding that lures victims into downloading malicious files.  These campaigns followed a breach of a DocuSign database containing user email addresses.  Each of the campaigns associated with this breach contain similar, yet distinct, characteristics.  The third, and most recent, campaign was launched on May 17. 
Read more