News

Subway restaurant chain customers received letters with a link to the TrickBot malware

Media reports that the UK subsidiary of Subway has been hit by a hack. The cybercriminals sent malicious emails to Subway customers and members of the Subcard loyalty program, allegedly containing order data, but in fact leading to the download of the TrickBot malware.

Let me remind you that TrickBot is a very dangerous malware that allows stealing saved passwords from the browser, can spread over the network, steal cookies, RDP, VNC and PuTTY credentials, and much more. Even worse, TrickBot may end up giving ransomware operators (like Ryuk or Conti) access to the infected system.

Since strange emails received by users contained real customer names and were directed to email addresses that some had created specifically for Subway, it was immediately suspected that the company had been hacked, and hackers gained access to the system used for marketing campaigns.

TrickBot malware for Subway customers

At first, the company only indirectly confirmed that a hacker attack took place:

“We are aware of some outages in our email systems and we understand that some of our guests have received unauthorized emails. We are currently investigating this issue and apologize for any inconvenience caused.”

However, a bit little later, Subway representatives told reporters that their server associated with mail campaigns had indeed been hacked:

“After investigating the incident, we have no evidence of hacking of our guests’ accounts. However, the system that runs our email campaigns has been compromised, resulting in a phishing campaign that uses the names and email addresses of [our users]. Our system does not store bank account numbers or credit card details”, — Subway representatives write and recommend deleting suspicious letters without opening them.

Subway has already begun sending out data breach emails to affected customers. These messages say that due to the attack, the names and email addresses of users were revealed to outsiders.

It is not yet clear how many people could have been affected by the incident, and whether the hackers could get to any data other than those mentioned above.

Let me remind you that New version of TrickBot malware can interfere with UEFI/BIOS.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

Back to top button