Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Massive Subway UK Phishing Attack Is Pushing TrickBot Malware

Massive Subway UK Phishing Attack Is Pushing TrickBot Malware

A massive phishing campaign pretending to be a Subway order confirmation is underway distributing the notorious TrickBot malware.

TrickBot is a trojan malware infection commonly distributed through phishing campaigns or installed by other malware.

When installed, TrickBot performs a variety of malicious behavior, including spreading through a network, stealing saved credentials in browsers, stealing Active Directory Services databasesstealing cookies and OpenSSH keysstealing RDP, VNC, and PuTTY Credentials, and much more.

Even worse, TrickBot partners with ransomware operators, such as Ryuk, to access a compromised network to deploy ransomware.

Subway phishing campaign is highly targeted

Today, BleepingComputer was alerted to a new phishing campaign pretending to be Subway order confirmations targeting people from the United Kingdom.

Also Read: How Formidable is Singapore Cybersecurity Masterplan 2020?

What is concerning about these phishing emails is that they include the user’s first name, and some users are reporting they are being sent to emails only used for Subway. This attack may indicate a data breach at Subway UK that allowed the threat actors to gain access to customer’s names and email addresses.

In an statement to BleeingComputer, Subway stated that they are investigating a disruption to their system. 

“We are aware of some disruption to our email systems and understand some of our guests have received an unauthorised email. We are currently investigating the matter and apologise for any inconvenience. As soon as we have more information, we will be in touch, until then, as a precautionary measure, we advise guests delete the email,” Subway told BleepingComputer in a statement  

The Subway phishing emails are using email subjects such as “Your order is being processed” and “We’ve received your order,” and state that it is from Subcard ([email protected]), as shown below.

These emails are odd as they tell the user to click on various links as their “order documents are ready and awaiting confirmation.” That seems like a lot of work to order a sandwich.

Subway phishing email
Source: Twitter

These links lead to various hacked websites that will bring you to a ‘FreshBooks’ phishing page when clicked on. Clicking on any of the links on this landing page will download an Excel spreadsheet.

FreshBooks phishing landing page

Depending on the variant of the phishing email you received, the Excel spreadsheet may be password protected. Once the password is entered, a fake and malicious DocuSign phishing attachment will be displayed. This document states that there is a problem previewing the document, and you need to click on ‘Enable Editing’ and ‘Enable Content’ to view it.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Malicious Excel document

If a recipient enables the content, it will also enable malicious macros embedded in the Excel spreadsheet that download and install the latest version of the TrickBot malware.

The downloaded TrickBot malware is a DLL [VirusTotal] that will be injected into the legitimate Windows wermgr.exe (Windows Problem Reporting) executable directly from memory using code from the ‘MemoryModule‘ project.

By running within Wermgr.exe, it may be to evade detection by security software and will look like a legitimate process in Task Manager.

If you have received this email and accidentally downloaded and opened the malicious document, make sure you perform a thorough scan of your computer using antivirus software and clean anything that is found.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us