TrickBot group released new reconnaissance malware LightBot targeting high-value victims

Over the past week, several researchers have spotted a new phishing campaign called LightBot, which was normally used to distribute TrickBot's BazarLoader, has started installing a malicious PowerShell script instead.

LightBot phishing emails pretend to be from the sources such as the legal department notifying users about a customer complaint.

LightBot email contains a link to the Google Drive document. Clicking that link gets the user to the Google Docs page with a disabled preview, making the victim download the document.

The downloaded file is actually a JavaScript file, that is responsible for the LightBot Powershell script launch.

The main function of the LightBot is collecting data about the victim's network to determine if they are high-value enough to be targeted in further campaigns.


Read More

Got Something To Say?

Your email address will not be published.