UPDATED 23:01 EDT / JULY 14 2019

SECURITY

TrickBot rises from the dead in new campaign that targeted 250M email accounts

In a scene straight out of a zombie television series, the TrickBot malware has risen from the dead with a new attack that may have targeted as many as 250 million email accounts, including those belonging to U.S. government employees.

Season four of TrickBot, as described Friday by researchers at cybersecurity firm Deep Instinct Ltd., comes in the form of a variant that includes a cookie-stealing module as well as a malicious email-based infection and distribution module that steals and shares signing certificates.

The latter module is being used in a campaign to harvest email credentials and contacts from a victim’s address book, inbox and outbox, with the added feature of sending out malicious spam emails from a compromised account to infect others. The new TrickBot version also deletes sent messages from both the outbox and trash folder of a victim to hide its presence.

The malware, coming in the form of an email attachment, forces a user to download TrickBooster, malware that reports back to a command-and-control server with details stolen from the victim’s email account.

The new version of TrickBot, which was mostly known for targeting bank and cryptocurrency accounts, is now focused exclusively on email harvesting. “We managed to recover a database containing 250 million e-mail accounts harvested by TrickBot operators, which most likely were also employed as lists of targets for malicious delivery and infection,” the security researchers wrote. “The database includes millions of addresses from government departments and agencies in the U.S. and the U.K.”

The list of U.S. government departments where email accounts have been targeted and possibly compromised in the new TrickBot campaign is not only disturbing but is also why Season 4 of TrickBot is newsworthy.

Email accounts include those from the U.S. Department of Justice; Homeland Security; State; Bureau of Prisons; Social Security Administration; Bureau of Alcohol, Tobacco and Firearms; Internal Revenue Service; Federal Aviation Administration; National Aeronautics and Space Administration; Department of Transportation; and various others.

In an age of paranoia in relation to Huawei Technologies Co. Ltd., TrickBot is potentially stealing confidential information and possibly even state secrets from vital U.S. government agencies.

The security researchers at Deep Instinct said they’re continuing their research and analysis into the new TrickBot attack and are in the process of reporting the details of the attack to relevant authorities.

Photo: U.S. Air Force
