A recently active malicious campaign baited targets with phishing messages promising annual bonuses to infect them with Trickbot banking Trojan payloads. The campaign’s bait emails were sent using the legitimate SendGrid cloud-based email delivery platform in an attempt to conceal their malicious nature. The attackers employed embedded links to legitimate Google Docs documents that redirected the potential victims to a Google Drive download link. By clicking this link, the targets would be served with a downloader tool designed to drop the final Trickbot payload on the victims’ computers.
Source: https://www.bleepingcomputer.com/news/security/trickbot-trojan-abuses-google-suite-baits-with-annual-bonuses/