July 21, 2019 News Magazine

TrickBot malware learns how to spam, ensnares 250M email addresses

Old bot, new tricks.

TrickBot, a financially motivated malware in wide circulation, has been observed infecting victims’ computers to steal email passwords and address books to spread malicious emails from their compromised email accounts.

The TrickBot malware was first spotted in 2016 but has since developed new capabilities and techniques to spread and invade computers in an effort to grab passwords and credentials — eventually with an eye on stealing money. It’s highly adaptable and modular, allowing its creators to add in new components. In the past few months it’s adapted for tax season to try to steal tax documents for making fraudulent returns. More recently the malware gained cookie stealing capabilities, allowing attackers to log in as their victims without needing their passwords.

With these new spamming capabilities, the malware — which researchers are calling “TrickBooster” — sends malicious from a victim’s account then removes the sent messages from both the outbox and the sent items folders to avoid detection.

Researchers at cybersecurity firm Deep Instinct, who found the servers running the malware spamming campaign, say they have evidence that the malware has collected more than 250 million email addresses to date. Aside from the massive amounts of Gmail, Yahoo, and Hotmail accounts, the researchers say several U.S. government departments and other foreign governments — like the U.K. and Canada — had emails and credentials collected by the malware.

“Based on the organizations affected it makes a lot of sense to get as widely spread as possible and harvest as many emails as possible,” Guy Caspi, chief executive of Deep Instinct, told TechCrunch. “If I were to land on an end point in the U.S. State department, I would try to spread as much as I can and collect any address or credential possible.”

If a victim’s computer is already infected with TrickBot, it can download the certificate-signed TrickBooster component, which sends lists of the victim’s email addresses and address books back to the main server, then begins its spamming operating from the victim’s computer.

The malware uses a forged certificates to sign the component to help evade detection, said Caspi. Many of the certificates were issued in the name of legitimate businesses with no need to sign code, like heating or plumbing firms, he said.

The researchers first spotted TrickBooster on June 25 and was reported to the issuing certificate authorities a week later which revoked the certificates, making it more difficult for the malware to operate.

After identifying the command and control servers, the researchers obtained and downloaded the 250 million cache of emails. Caspi said the server was unprotected but “hard to access and communicate with” due to connectivity issues.

The researchers described TrickBooster as a “powerful addition to TrickBot’s vast arsenal of tools,” given its ability to move stealthily and evade detection by most antimalware vendors, they said.


Source: TechCrunch

Tags: in Uncategorized
Banner
Related Posts

One of NASA’s robotic astronaut helpers just flew on its own in space for the first time

June 20, 2019

June 20, 2019

NASA’s very own free-floating Companion Cube equivalent took its own first tentative ‘steps’ in space today, demonstrating its ability to rotate...

Softbank and Toyota-backed mobility venture gains five more automakers

June 29, 2019

June 29, 2019

MONET Technologies, a joint venture launched by Softbank and Toyota to provide on-demand mobility services eventually with an autonomous module...

Go-Jek’s Get app officially launches in Thailand as Southeast Asia expansion continues

February 28, 2019

February 28, 2019

Go-Jek is extending its reach in Southeast Asia after its Thailand-based unit made its official launch, which included the addition...

Leica’s Q2 is a beautiful camera that I want and will never have

March 8, 2019

March 8, 2019

Leica is a brand I respect and appreciate but don’t support. Or rather, can’t, because I’m not fabulously rich. But...

Startup Law A to Z: Corporate Matters

February 19, 2019

February 19, 2019

Founders are a special breed — independent, self-reliant, and resourceful. Yet these same attributes, critical in taking an idea from...

Food delivery startup Dahmakan eats up $5M for expansion in Southeast Asia

May 22, 2019

May 22, 2019

It’s harvest season for Southeast Asia’s full-stack food delivery startups. Following on from Singapore’s Grain raising $10 million, so Malaysia-based...

The boring genius of how Atrium kills legal busy work

June 20, 2019

June 20, 2019

Law firms have little incentive to build or buy software that will save their lawyers time since they often bill...

Google recalls its Bluetooth Titan Security Keys because of a security bug

May 15, 2019

May 15, 2019

Google today disclosed a security bug in its Bluetooth Titan Security Key that could allow an attacker in close physical...

Fitbit’s Inspire will replace the Alta, Zip, One and Flex 2 devices

March 6, 2019

March 6, 2019

The Inspire’s mere existence isn’t news in and of itself. The device was actually announced a couple of weeks back....

Colin Angle will be speaking at TC Sessions: Robotics + AI April 18 at UC Berkeley

March 7, 2019

March 7, 2019

Earlier this week, we added Anthony Levandowski to a growing list of headliners that already includes Marc Raibert, Melonee Wise...

500 Startups Japan becomes Coral Capital with a new $45M fund

March 5, 2019

March 5, 2019

The 500 Startups Japan crew is going independent. The VC firm announced a $30 million fund in 2015, and now...

Destiny 2 goes free to play and gains cross-saving on all platforms

June 6, 2019

June 6, 2019

Bungie aims to fortify the popular but flagging Destiny 2 with an expanded free-to-play plan and universal cross-platform saving, the...

Zimbabwe’s government faces off against its tech community over internet restrictions

January 24, 2019

January 24, 2019

Jake Bright Contributor Jake Bright is a writer and author in New York City. He is co-author of The Next...

Accenture announces intent to buy French cloud consulting firm

April 9, 2019

April 9, 2019

As Google Cloud Next opened today in San Francisco, Accenture announced its intent to acquire Cirruseo, a French cloud consulting...

Google’s big VR news is that there is no VR news

May 7, 2019

May 7, 2019

Google seems to be waking up from its VR daydream. The company’s ambitious plans to leverage the smartphones that people...

Comments
Leave a Reply

Your email address will not be published. Required fields are marked *