malspam email GDS – New Fax Message delivers malware

An email with the subject of GDS – New Fax Message pretending to come from GDS Fax <service@gov-fax.co.uk> with a malicious word doc containing macros which downloads what looks like Trickbot banking Trojan from the IP addresses it connects to, although VirusTotal are showing conflicting detections where a couple are detecting it as Cerber ransomware. I am not seeing the usual hundreds of connections that Cerber traditionally uses. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium … Continue reading →