SendGrid’s email delivery platform has been abused by bot operators running a scam campaign.
The company has reacted quickly, “taking down and mitigating the detected malicious links,” writes Security Boulevard.
SendGrid spokespersons had not responded to a request for comment at deadline.
Detected by PhishLabs, the campaign targets employees at multiple companies. It serves up Trickbot, a successor to the Dyre Banking Trojan, Security Boulevard continues.
The SendGrid infrastructure is being utilized for its domain and link reputation, it adds.
Security Boulevard observes that it is “increasingly common to see mail delivery providers being abused for their reputation and obscuring of the link.”
Users who click on the SendGrid links are taken to Google Docs, which urges the intended victim to download a document containing “.exe file which, when detonated, attempts to install Trickbot,” Security Boulevard reports.