The Cyber Security News

Trickbot Trojan Back from the Dead in New Campaign

Security researchers are warning of a resurgence of the prolific Trojan malware Trickbot, which had its infrastructure disrupted by a Microsoft-led coalition late last year.

Menlo Security said it had observed a new malicious spam campaign designed to trick North American users in the legal and insurance sectors into downloading the Trojan.

Whereas weaponized email attachments were a common feature of previous Trickbot campaigns, this one encourages users to click on a phishing link, which redirects them to a compromised server.

After being sent along a redirection chain, users are finally presented with a web page warning them that they have been found guilty of an unspecified “traffic infringement.”

A large download button encourages them to click through to view the pictures of their alleged ‘negligent driving.’

“Clicking on the ‘Download Image Proof’ button downloads a zip archive with a destructive JavaScript file to the endpoint,” Menlo Security explained.

“The embedded JavaScript is heavily obfuscated, which has been a TTP typical of the Trickbot malware. If the user opens the downloaded JavaScript file, an HTTP request is made to the C&C server to download the final malicious binary.”

The initial URL and the C&C used in the campaign are both tracked on threat feed URLHaus as being associated with Trickbot, the researchers said. Worse, many of the URLs used in the attack aren’t yet being detected on VirusTotal, it said.

There were high hopes after Microsoft and other security vendors used a US court order to disable any IP addresses being used to host the bot, and “block any effort by the Trickbot operators to obtain or lease additional servers.”

However, without arrests of those behind a malicious campaign it is extremely difficult to stop them rebuilding bot infrastructure elsewhere. It remains to be seen whether a similar recent law enforcement effort to disrupt Emotet will be more successful.

“Where there is a will, there’s a way. That proverb undoubtedly holds true for the bad actors behind Trickbot’s operations,” concluded Menlo Security.

“While Microsoft and its partners’ actions were commendable and Trickbot activity has come down to a trickle, the threat actors appear to be motivated enough to restore operations and cash in on the current threat environment.”


Some pieces of this post are sourced from:
www.infosecurity-journal.com
