Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden phishing emails sent to customers yesterday.
Starting yesterday, Subway UK customers received strange emails from ‘Subcard’ about a Subway order that was placed. Included in the email were links to documents allegedly containing confirmation of the order.
After analyzing these phishing emails, it was discovered that they were distributing malicious Excel documents that would install the latest version of the TrickBot malware.
Source: Bleeping Computer