Quote:Researchers from Cofense have discovered a new malspam campaign that delivers fake eFax messages designed to drop a banking Trojan and RAT cocktail via malicious Microsoft Word document attachments.
The phishing emails that impersonate eFax messages include ZIP archived XLS Microsoft Excel documents with a macro designed to download and launch Dridex and Remote Manipulator System Remote Access Tool (RMS RAT) malicious payloads.
The attackers use the two payloads to perform different tasks: the Dridex banking Trojan to collect credentials from web browsers and to exfiltrate them to their own servers, and the RMS RAT for managing the infected computers.
Cofense's research team also added that "And having both available provides a backup communication channel in case one of the malware families is detected and removed."
Phishing email sample
![[Image: Phishing%20email.jpg]](https://www.bleepstatic.com/images/news/u/1109292/July%202019/Phishing%20email.jpg)
SOURCE: https://www.bleepingcomputer.com/news/se...-messages/
![[-]](https://www.geeks.fyi/images/collapse.png)
