TrickBot group released new reconnaissance malware LightBot targeting high-value victims

Over the past week, several researchers have spotted a new phishing campaign called LightBot. The campaign, which was normally used to distribute TrickBot's BazarLoader, has started installing a malicious PowerShell script instead.

LightBot phishing emails pretend to come from sources such as the legal department, notifying users about a customer complaint.

The LightBot email contains a link to a Google Drive document. Clicking that link takes the user to a Google Docs page with the preview disabled, which makes the victim download the document.

The downloaded file is actually a JavaScript file that is responsible for launching the LightBot PowerShell script.

The main function of LightBot is to collect data about the victim's network to determine whether they are high-value enough to be targeted in further campaigns.


