Phishing is being used by attackers to disseminate TrickBot banking Trojan payloads to unsuspecting victims via executables camouflaged as PDF documents. The phishing messages delivered via this malspam campaign use legitimate messages generated by sharing a Google Docs document with the targets, containing a fake 404 error message and a link to the malicious payloads. Once on the landing page, the targets see the fake error and are asked to download the document manually. Instead of the promised document, the victims download the. malicious payload.
Source: https://www.bleepingcomputer.com/news/security/trickbot-bypasses-secure-email-gateway-using-google-docs-phishing/