
TRICKBOT MALWARE’S NEW CAMPAIGN AGAINST THE UK SUBWAY

Subway UK has disclosed that its marketing system was compromised. The attackers used that system to send customers phishing emails that deliver the TrickBot malware.
The threat actor gained access to confidential customer information, such as names and email addresses, by compromising the server behind Subway's "Subcard" loyalty programme. The campaign came to light when BleepingComputer observed a large-scale phishing operation targeting users in the UK.
According to the researchers, the threat actors are distributing malicious Excel documents which, when opened, install an updated version of TrickBot on the victim's system. According to the analysis, the downloaded TrickBot payload is a DLL that is injected directly from memory into the legitimate Windows problem-reporting executable (wermgr.exe) to avoid detection by security software, so that in Task Manager it appears to be a normal process running on the device.
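The delivery chain described above (a malicious Excel document that ends with a TrickBot DLL living inside wermgr.exe) leaves few file artefacts, because the DLL is mapped from memory rather than loaded from disk. What it does leave is an abnormal process tree, which is what a defender can alert on. The script below is an added example, not code from the original article or from any vendor: it parses constructed process-creation log lines and flags two things, an Office application spawning a child process, and a wermgr.exe whose parent is not one it would normally have. The event lines, the rundll32.exe loader step and the set of "expected" wermgr.exe parents are assumptions for the example and should be tuned against a real baseline.

```python
"""
Heuristic detection for the TrickBot delivery chain described in the article:
Excel document -> loader -> TrickBot DLL injected into wermgr.exe.

Added example with constructed log data; not the article's or any vendor's code.
"""

# Office binaries that should not normally spawn other executables.
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Parents under which wermgr.exe normally runs. This allowlist is an
# assumption for the example; derive the real one from your own telemetry.
EXPECTED_WERMGR_PARENTS = {"svchost.exe", "wermgr.exe", "werfault.exe"}

# Constructed process-creation events in a simple key=value format.
# The rundll32.exe loader step is illustrative; the article only states that
# the DLL is injected into wermgr.exe from memory.
SAMPLE_LOG = """\
pid=4120 image=EXCEL.EXE parent=explorer.exe
pid=4188 image=rundll32.exe parent=EXCEL.EXE
pid=4204 image=wermgr.exe parent=rundll32.exe
pid=1288 image=wermgr.exe parent=svchost.exe
"""


def parse_events(log_text):
    """Turn 'key=value key=value' lines into dicts; skip blank lines."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = dict(token.split("=", 1) for token in line.split())
        events.append(fields)
    return events


def finding_for(event):
    """Return a finding string for a suspicious event, or None."""
    image = event["image"].lower()
    parent = event["parent"].lower()
    pid = event["pid"]

    # Rule 1: an Office application launching a non-Office child process.
    if parent in OFFICE_APPS and image not in OFFICE_APPS:
        return f"office-app-child: {event['parent']} spawned {event['image']} (pid {pid})"

    # Rule 2: wermgr.exe started by something other than its usual parents.
    if image == "wermgr.exe" and parent not in EXPECTED_WERMGR_PARENTS:
        return f"unusual-wermgr-parent: wermgr.exe (pid {pid}) started by {event['parent']}"

    return None


def scan(log_text):
    """Run both rules over every event and return the list of findings."""
    return [f for f in (finding_for(e) for e in parse_events(log_text)) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Running it flags the rundll32.exe child of EXCEL.EXE and the wermgr.exe started by rundll32.exe, while the wermgr.exe started by svchost.exe is left alone. The parent-process rule is the important one here: because the injected DLL never appears as a module loaded from disk, process lineage is often the only cheap signal that wermgr.exe is hosting something it should not.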


What is TrickBot? 
TrickBot is a Trojan that targets Microsoft Windows and other operating systems to steal sensitive information and to act as a delivery vehicle for other malware. It is mainly distributed by email: the message either carries a direct link from which the victim downloads the malware from a malicious website, or tricks the victim into opening a malicious attachment.
Yesterday, Subway UK customers began receiving fake emails purporting to come from Subway's "Subcard" loyalty programme, claiming that the customer had placed an order. Each email contained links to documents that appear to confirm the order.
In recent developments, the TrickBot malware has been observed expanding its arsenal with the addition of TrickBoot.
In November, the TrickBot operators added a new tool called "LightBot" to their toolkit to check for high-value targets inside the victim's network.
Subway said in a statement to BleepingComputer: "After investigating the incident, we have no evidence that the guest account was hacked. However, the system that manages our email activity has been compromised, resulting in a phishing campaign involving names and emails. The system does not store any bank or credit card details."