TA505 phishing campaign uses HTML redirectors to spread info stealer

From scmagazine.com

The fairly convincing phishing scam is being hosted on a compromised EA Games server.

The cybercriminal group TA505 has reportedly changed up its tactics again, now engaging in phishing campaigns that leverage attachments with HTML redirectors in order to deliver Excel documents containing malware.

Following a short period of inactivity, the group, resumed activities last month with a scheme designed to get victims to install the information-stealing Trojan GraceWire, according to experts with the Microsoft Security Intelligence team. The threat actor is known for spreading Dridex, TrickBot and Locky malware, and is widely considered synonymous with the alleged Russian cybercriminal outfit Evil Corp.

Read more…