Massive Subway UK phishing attack is pushing TrickBot malware By 08:41 AM A massive phishing campaign pretending to be a Subway order confirmation is underway distributing the notorious TrickBot malware. TrickBot is a trojan malware infection commonly distributed through phishing campaigns or installed by other malware. Even worse, TrickBot partners with ransomware operators, such as Ryuk, to access a compromised network to deploy ransomware. Subway phishing campaign is highly targeted Today, BleepingComputer was alerted by security researcher TheAnalyst of a new phishing campaign pretending to be Subway order confirmations targeting people from the United Kingdom. What is concerning about these phishing emails is that they include the user's first name, and some users are reporting they are being sent to emails only used for Subway. This attack may indicate a data breach at Subway UK that allowed the threat actors to gain access to customer's names and email addresses.