TrickBot rises from the dead in new campaign that targeted 250M email accounts
In a scene straight out of a zombie television series, the TrickBot malware has risen from the dead with a new attack the may have targeted as many as 250 million email accounts, including those belonging to U.S. government employees.
Season four of TrickBot, as described Friday by researchers at cybersecurity firm Deep Instinct Ltd., is back in the form of a variant that includes a cookie stealing module as well as a malicious email-based infection and distribution module that steals and shares signing certificates.
The latter module is being used in a campaign to harvest email credentials and contacts from a victim’s address book, inbox and outbox, with the added feature of sending out malicious spam emails from a compromised account to infect others. The new TrickBot version also deletes sent messages from both the outbox and trash folder of a victim to hide its presence.
The malware, coming in the form of an email attachment, forces a user to download TrickBooster, malware that reports back to a command-and-control server with details stolen from the victim’s email account.
The new version of TrickBot, which was mostly known for targeting bank and cryptocurrency accounts, is now exclusively all about email harvesting. “We managed to recover a database containing 250 million e-mail accounts harvested by TrickBot operators, which most likely were also employed as lists of targets for malicious delivery and infection,” the security researchers wrote. “The data base includes millions of addresses from government departments and agencies in the U.S. and the U.K.”
The list of U.S. government departments where email accounts have been targeted and possibly compromised in the new TrickBot campaign is not only disturbing but is also why Season 4 of TrickBot is newsworthy.
Email accounts include those from the U.S. Department of Justice; Homeland Security; State; Bureau of Prisons; Social Security Administration; Bureau of Alcohol, Tobacco and Firearms; Internal Revenue Service; Federal Aviation Administration; National Aeronautics and Space Administration; Department of Transportation; and various others.
In an age of paranoia in relation to Huawei Technologies Co. Ltd., TrickBot is potentially stealing confidential information and possibly even state secrets from vital U.S. government agencies.
The security researchers at Deep Instinct said they’re continuing their research and analysis into the new TrickBot attack and are in the process of reporting the details of the attack to relevant authorities.
Photo: U.S. Air Force
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU