TrickBot Trojan Evolves To Steal Email Messages And Cryptocurrency

The infamous TrickBot financial Trojan is very active and ever-changing, and it continues to make its way around the globe. IBM X-Force Research has recently discovered that it is not only targeting major banks but can now also empty crypto-wallets of all the accumulated currency. It doesn’t stop there, however. It can now steal Outlook email messages and information from browsers as well. This version is being propagated through phishing email messages as well as through websites.


Earlier this summer, this Trojan was being sent in spam campaigns at the rate of 75,000 in a mere 25 minutes. It tricked customers of the UK’s Lloyds Bank out of login credentials by using legitimate security certificates and website addresses that were so close to the actual ones that it was nearly impossible to identify them as imposters.

Regardless of where email messages originate, always pay attention to where any links may be taking you. If you need to check something in any of your online accounts, log into them directly from the websites and verify there. Don’t click links, open attachments, or panic just because an email claims you will be locked out of your account or poses some other threat.

If you don’t know the sender, it’s good practice to never click links or attachments anyway. And if you get an email from Aunt Martha that has a short “Hey, look at this” type of message with just a link, it should be deleted right away. It’s unlikely Aunt Martha would send such an obscure note. If you want to be sure not to offend her by trashing it without looking, pick up the phone and call her first to confirm she did intend to send it to you.

This malware is also now being delivered via fake websites. So, pay close attention when typing addresses into browsers so you don’t set it loose that way either. TrickBot is being sent at a rate of 40 million email messages per week and is targeting financial institutions in over 40 countries.

© Copyright 2017 Stickley on Security