VERY IMPORTANT

Trend Micro observed a spike in BazarCall and IcedID activity in March. One thing these two campaigns have in common is the use of spam that lead victims into downloading malicious files. BazarCall takes a more roundabout approach by involving phone calls in its campaigns, while IcedID stole and repurposed real email conversations to make its malicious spam more convincing. Based on separate reports on BazarCall and IcedID, both have been actively distributed through spam campaigns in March. This is also reflected in Trend Micro's own findings.