Zuhause » Nachrichten » Banking-Trojaner TrickBot gelernt, um Spam und hat bereits gesammelt 250 Millionen E-Mail-Adressen

Banking-Trojaner TrickBot gelernt, um Spam und hat bereits gesammelt 250 Millionen E-Mail-Adressen

Malicious program TrickBot, designed to steal credentials and contacts of victims, received an additional module “TrickBooster”.

This module allows sending malicious emails on behalf of an infected user.

“TrickBooster gives TrickBot a highly-effective way to spread infection. By sending emails from trusted addresses within an organization TrickBot increases the odds that a would-be victim will open one of its trojanized attachments”, - schreibt Forbes IS reviewer Lee Mathews.

Zur selben Zeit, TrickBot acts very carefullyafter sending letters, the malware removes them from the “geschickt” Mappe. By doing this, he manages to avoid detection.

Forscher an tief Instinct, who discovered servers associated with TrickBot spam campaigns, claim that to date, malware operators have managed to collect more than 250 Million email addresses.

Among them is considerable amount of Gmail, Yahoo und Hotmail mailboxes, but there are also several emails owned by governmental agencies.

“U.S.-based accounts caught up in TrickBot’s web include staff from the Department of Justice, Department of State, Homeland Security, the Postal Service, as well as the FAA, ATF, IRS and NASA. Email accounts belonging to numerous Canadian and British agencies were also found in the database”, — reported Deep Instinct specialists.

If the user’s computer is already infected with TrickBot, the malware can download the TrickBooster component separately. Nachdem, malware will send a list of victim’s contacts to attackers.

Referenz:

Im Kern, TrickBot is a banking Trojan. The malware is typically distributed via spearphishing emailslike bogus resumes sent to human resources or invoices sent to accounts staff. Those are typically attached in the form of weaponized Microsoft Word or Excel files.

Über Trojan Mörder

Tragen Sie Trojan Killer-Portable auf Ihrem Memory-Stick. Achten Sie darauf, dass Sie in der Lage sind, Ihr PC keine Cyber-Bedrohungen widerstehen zu helfen, wo immer Sie sind.

überprüfen Sie auch

MageCart auf der Heroku Cloud Platform

Die Forscher fanden mehrere MageCart Web Skimmer Auf Heroku Cloud Platform

Forscher an Malwarebytes berichteten über mehr MageCart Web-Skimmer auf der Heroku Cloud-Plattform zu finden, …

Android Spyware CallerSpy

CallerSpy Spyware Masken als Android-Chat-Anwendung

Trend Micro Experten entdeckt die Malware CallerSpy, die Masken als Android-Chat-Anwendung, und, …

Hinterlasse eine Antwort