Hacked Subway UK marketing system used in TrickBot phishing campaign

Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers.

Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers.

Subway UK customers received emails from ‘Subcard’ about the processing of an alleged Subway order. The malicious emails were including a link to a weaponized Excel document containing confirmation of the order.

The Excel documents would install the latest version of the TrickBot malware that was recently discovered by Advanced Intel’s Vitali Kremez.

Experts from Bleeping Computer reported the suspicious messages to the Subway UK that confirmed a security incident

“We are aware of some disruption to our email systems and understand some of our guests have received an unauthorised email. We are currently investigating the matter and apologise for any inconvenience.” a Subway spokesperson told BleepingComputer. “As soon as we have more information, we will be in touch, until then, as a precautionary measure, we advise guests delete the email.”

The company later disclosed the compromise of a server responsible for their email campaigns.

“Having investigated the matter, we have no evidence that guest accounts have been hacked.  However, the system which manages our email campaigns has been compromised, leading to a phishing campaign that involved first name and email. The system does not hold any bank or credit card details.” confirmed the company.

“Crisis protocol was initiated and compromised systems locked down. The safety of our guests and their personal data is our overriding priority and we apologise for any inconvenience this may have caused,”

Subway immediately started the incident response procedure and started sending out data breach notification emails to the impacted customers. The compromised data include customer’s first name and last name.

At the time of this writing it is not clear how many customers were affected.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Subway UK)

[adrotate banner=”5″]

[adrotate banner=”13″]