Threat actors are spreading the tricky trojan through fake messages in another opportunistic COVID-19-related campaign, said IBM X-Force. Threat actors using people’s interest in the Department of Labor s Family and Medical Leave Act (FMLA) to spread what appears to be the TrickBot trojan. The campaign follows similar patterns found previously used by TrickBot, such as the Macro on Close function followed by the DocuSign theme.
Source: https://threatpost.com/trickbot-attack-covid-19docusign-themed-malw/155391/