Notorious malware Trickbot has been linked to more COVID-19 phishing emails than any other, according to new data from Microsoft.
The Microsoft Security Intelligence Twitter account made the claim on Friday.
“Based on Office 365 ATP data, Trickbot is the most prolific malware operation using COVID-19 themed lures,” it said. “This week’s campaign uses several hundreds of unique macro-laced document attachments in emails that pose as messages from a non-profit offering a free COVID-19 test.”
Microsoft has been providing regular updates through the current crisis as organizations struggle to securely manage an explosion in home working while cyber-criminals step up efforts to exploit stretched IT security teams and distracted employees.
As such, attacks seem to be focused on the classic combination of email and social engineering/phishing to harvest user credentials, spread malware and attempt extortion and BEC.
Trickbot started life as a banking Trojan but is often used in attacks to drop additional malware like ransomware, VNC clients and remote access malware.
However, despite the eye-catching headlines, Microsoft claimed earlier this month that overall cybercrime levels haven’t spiked as a result of the pandemic. Black hats are merely diverting resources and renaming existing campaigns with COVID-19 lures, it said.
The tech giant claimed that only 60,000 of millions of daily phishing emails it detects have COVID-19-themed malicious attachments or URLs, which is less than 2% of the total volume of threats the firm tracks each day.
In an update last week, Google echoed the message that many of the threats it is detecting are not new but simply rebranded with coronavirus themes.
However, it claimed to be blocking 240 million COVID-19 spam messages each day for customers, plus 18 million malware and phishing emails.