Beware of any Google Doc emails you receive. Cyber attackers are using the word processing program for a phishing scam that disseminates TrickBot malware.
Take extra caution if you receive a Google Docs document sharing email in the near future — it may be a phishing email.
Cofense, a computer and network security company that specializes in phishing scams and data protection, has recently revealed a new cyberattack, which uses Google Docs as its “Trojan horse.”
The scam plays out like this:
1. A user receives a Google Docs document sharing email. The document looks legitimate, and indeed, it is legitimate. Google Docs generates such emails when one user wants to share a Google Docs file with another user.
The text in the email states:
“Have you already received documentation I’ve directed you recently? I am sending them over again.”
2. The email also receives a new button (added by the attackers), which says “Open in Docs.” This button, when clicked on, redirects the user to a new Google Docs landing page.
3. Once the user has arrived on the landing page, they’ll see an error message. This message is fake and says “404 error.”
The idea is to get the user to believe that there was an initial error with the document download and to have them click on a malicious download link — one created by the attackers.
4. The user will click on this link, which is actually the payload of the malware. It’s the malicious software, which will corrupt the computer once downloaded.
The download link appears to be legitimate. In fact, it looks like a PDF document and even has an extension of “.pdf” like a legitimate file. The attackers engineered this extension by taking advantage of the fact that known file type extensions are hidden in Windows (as a default measure). Furthermore, they use a PDF icon as the malware program’s icon, even though the program is not a PDF at all.
5. Once the file has been clicked on and downloaded, the malicious software will begin doing its dirty work on the target’s computer. In this case, the malware is called TrickBot, and it’s an extremely popular and dangerous banking Trojan.
As soon as its executed, TrickBot gets to work and continues being highly active at corrupting its host device. It will begin to copy itself repeatedly onto the device — once every 11 minutes for 414 days. If allowed to run, it will also begin launching an increasing number of Svchost processes.
TrickBot is a type of malicious software and also goes by the name of TheTrick, TrickLoader, and Trickster.
Discovered in October of 2016, TrickBot is ever-evolving. It has been updated and upgraded continually over the past several years and continues to be a menace used in phishing scams.
TrickBot was originally a type of banking Trojan, and it still is, but it now also has the ability to drop additional malware wherever it lands. As a type of banking Trojan, the main goal of TrickBot has been to obtain sensitive financial information from host devices.
Basically, anything sensitive would be sucked up by TrickBot and delivered back to the source who disseminated it. When TrickBot is on your devices, it can obtain things such as login information for the financial institutions you visit online and drop additional malware such as the equally popular Emotet.
TrickBot can even drop ransomware onto a device. If this occurs, sensitive data and system access may be locked up and/or blocked off. A message will be sent to the device user that their data and/or system access is being held for ransom. Unless the user pays a large sum of money, their data will be lost forever.
Phishing scams remain the chief way that cyber attackers corrupt files, filch information, and steal finances. A phishing scam almost always comes in the form of an email (although such scams can also be operated over the phone).
The goal of a phishing email is to first get the recipient to believe it is legitimate. Therefore, it will be appear to be from a source such as Google Docs, a bank, the IRS, or even a co-worker. The next step is to get the recipient to click on a link, download an attachment, or take another such action, which will inevitably lead to the launch of malicious software.
The best way to protect yourself and your company from phishing scams is to have the appropriate security software and hardware measures in place. Additionally, all employees must be continually educated on how to avoid falling victim to a phishing scam and on trending phishing attacks.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.