TrickBot is the most prolific malware operation using COVID-19 themed lures, Microsoft’s global network of security experts tweeted. The TrickBot malware is showing up in the highest number of unique malicious emails and attachments delivered to potential victims’ inboxes based on Microsoft’s Office 365 Advanced Threat Protection (ATP) data. TrickBot was previously deployed as part of a spam campaign that impersonated a doctor at the WHO to take advantage of the public’s fears surrounding the coronavirus pandemic to target Italians. The macros used by the TrickBot gang are still using a delay before downloading the malicious payloads to evade sandbox analysis.
Source: https://www.bleepingcomputer.com/news/security/microsoft-trickbot-in-hundreds-of-unique-covid-19-lures-per-week/