Trickbot, a popular trojan that mostly targets the financial and banking sectors, is back in the news, and of course for the wrong reasons. Trickbot infects the victim’s computer (it targets Windows) and steals emails and passwords. It then sends emails from the infected email account to the associated address book.
What is Trickbot Malware?
Trickbot is a Trojan detected by Malwarebytes that has been in circulation since 2016. It mainly targets financial institutions and banks. Besides targeting a wide array of international banks via its webinjects, Trickbot can also steal from Bitcoin wallets.
A cybersecurity firm called Deep Instinct recently reported that it has found the servers that are actively running the malware campaign. The firm says it has evidence that Trickbot has collected some 250 million compromised email accounts. It also thinks that millions of those emails belong to governments in the US and UK, as well as agencies in Canada.
How Is Trickbot Able to Do Mass-Level Spamming?
Trickbot, although old, now has some enhanced capabilities, which have been termed Trickbooster. With this newfound ability, Trickbot infects the victim’s email and then starts sending malicious emails to the address book of the affected email address. It then deletes each email from the sent items as well as from the trash, leaving no evidence that would make the user suspicious.
According to TechCrunch, they first found the malicious activity of Trickbooster on 25th June. Following is the attack flow of Trickbooster.
Deep Instinct is still investigating the case and trying to understand the full flow and the process which is employed by Trickbooster.
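Because the sent copy is removed from both the sent items and the trash, the user's mailbox view is not a reliable indicator; server-side audit records are. The following is an added example, not code from Deep Instinct or from the original article, that flags the send-then-delete pattern described above. The event format, the folder names, the addresses, and the time-window and recipient-count thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical, simplified mailbox-audit format:
# (timestamp, mailbox, action, folder, message_id, recipient_count)
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:05", "alice@example.com", "send", "Sent Items", "m1", 180),
    ("2024-01-10T09:00:07", "alice@example.com", "delete", "Sent Items", "m1", 0),
    ("2024-01-10T09:00:08", "alice@example.com", "delete", "Trash", "m1", 0),
    ("2024-01-10T10:15:00", "bob@example.com", "send", "Sent Items", "m2", 2),
    ("2024-01-10T16:40:00", "bob@example.com", "delete", "Sent Items", "m2", 0),
    ("2024-01-10T11:00:00", "carol@example.com", "send", "Sent Items", "m3", 95),
]

REQUIRED_FOLDERS = {"Sent Items", "Trash"}


def find_send_then_purge(events, window=timedelta(minutes=5), min_recipients=20):
    """Return sorted (mailbox, message_id) pairs where a bulk send was removed
    from both Sent Items and Trash within `window` of being sent."""
    sends = {}                   # (mailbox, msg_id) -> (sent_at, recipient_count)
    purged = defaultdict(set)    # (mailbox, msg_id) -> folders it was deleted from
    # ISO-8601 timestamps of equal format sort chronologically as strings.
    for ts, mailbox, action, folder, msg_id, rcpts in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (mailbox, msg_id)
        if action == "send":
            sends[key] = (when, rcpts)
        elif action == "delete" and key in sends:
            # Only count deletions that closely follow the send.
            if when - sends[key][0] <= window:
                purged[key].add(folder)
    return sorted(
        key for key, folders in purged.items()
        if REQUIRED_FOLDERS <= folders and sends[key][1] >= min_recipients
    )


if __name__ == "__main__":
    for mailbox, msg_id in find_send_then_purge(SAMPLE_EVENTS):
        print(f"suspicious send-then-purge: mailbox={mailbox} message={msg_id}")
```

A normal user who sends to two recipients and tidies the sent folder hours later is not flagged; only a large send that is removed from both folders within minutes is.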