Home » News » Banking Trojan TrickBot learned to spam and has already collected 250 million email addresses

Banking Trojan TrickBot learned to spam and has already collected 250 million email addresses

Malicious program TrickBot, designed to steal credentials and contacts of victims, received an additional module “TrickBooster”.

This module allows sending malicious emails on behalf of an infected user.

“TrickBooster gives TrickBot a highly-effective way to spread infection. By sending emails from trusted addresses within an organization TrickBot increases the odds that a would-be victim will open one of its trojanized attachments”, — writes Forbes IS reviewer Lee Mathews.

At the same time, TrickBot acts very carefully – after sending letters, the malware removes them from the “sent” folder. By doing this, he manages to avoid detection.

Researchers at Deep Instinct, who discovered servers associated with TrickBot spam campaigns, claim that to date, malware operators have managed to collect more than 250 million email addresses.

Among them is considerable amount of Gmail, Yahoo and Hotmail mailboxes, but there are also several emails owned by governmental agencies.

“U.S.-based accounts caught up in TrickBot’s web include staff from the Department of Justice, Department of State, Homeland Security, the Postal Service, as well as the FAA, ATF, IRS and NASA. Email accounts belonging to numerous Canadian and British agencies were also found in the database”, — reported Deep Instinct specialists.

If the user’s computer is already infected with TrickBot, the malware can download the TrickBooster component separately. After that, malware will send a list of victim’s contacts to attackers.


At its core, TrickBot is a banking Trojan. The malware is typically distributed via spearphishing emails — like bogus resumes sent to human resources or invoices sent to accounts staff. Those are typically attached in the form of weaponized Microsoft Word or Excel files.

READ  Researchers discovered serious vulnerability in WP Live Chat Support plugin
[Total: 0    Average: 0/5]

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

Scripts for clickjacking detected on sites with a audience of 43 million users

Scripts for clickjacking detected on sites with a total audience of 43 million users per day

For the first time clickjacking attracted the attention of information security experts more than ten …

Vulnerability in Trend Micro

Vulnerability in Trend Micro Password Manager endangers Windows users

SafeBreach researchers found a vulnerability in the Trend Micro Password Manager. Using this security issue, …

Leave a Reply