IT Blog


Trickbot Phishing

(Information collected from ZdNet)

A new spear-phishing campaign is attempting to infect PCs with Trickbot, one of the most prevalent and potent forms of malware around today.

Trickbot started life as a banking trojan but has become one of the most powerful tools available to cybercriminals, who are able to lease out access to infected machines in order to deliver their own malware – including ransomware.

Now its authors are using a new tactic to attempt to deliver it to victims, phishing emails that claim to contain a proof of a traffic violation. The hope is that people are scared into opening the email to find out more.

The malicious email contains a link that sends users to a website hosted on a server compromised by the attackers that tell the victim to click on a photo to see proof. When they click the photo, they actually download a JavaScript file that, when opened, connects to a command and control server that will download Trickbot onto their system.

Trickbot creates a backdoor onto Windows machines, allowing the attackers to steal sensitive information including login credentials, while some versions of Trickbot are capable of spreading across entire networks.

The modular nature of Trickbot means it’s highly customizable, with additional attacks by the malware known to include dropping further malware – such as Ryuk or Conti ransomware – or until recently, serving as a downloader for Emotet malware. Trickbot is also able to exploit infected machines for crypto mining.

A coalition of cybersecurity companies attempted to disrupt Trickbot in October last year, but the malware didn’t stay quiet for long, with its cyber-criminal authors quickly able to resume their operations.

Trickbot and other similar treats are popular since last year and there are few measures that we can take to protect your organization.

Providing social-engineering and phishing email training to employees can help them to avoid threats by being wary of certain types of messages.

Organizations should also be implementing a proper cybersecurity program with a formalized security patch management process, so cyberattacks can’t exploit known vulnerabilities to gain a foothold on the network. It’s also recommended that multi-factor authentication is applied across the enterprise, so malware that steals login credentials to move across the network can’t do so as easily.

Leave a Reply

Your email address will not be published. Required fields are marked *