Security researchers observed Trickbot operators using a new backdoor called BazarBackdoor to gain full access to targeted networks. Trickbot's attempts to deliver the malware began with a spear phishing campaign. The attack emails leveraged employee termination notices, customer complaints and other themes to trick recipients into clicking on a link for a file hosted on Google Docs. When downloaded, the documents ran hidden executable code to call a loader. This asset remained quiet for a time before connecting with a command-and-control (C&C) server for the purpose.

