November 19, 2019 News Magazine

TrickBot malware learns how to spam, ensnares 250M email addresses

Old bot, new tricks.

TrickBot, a financially motivated malware in wide circulation, has been observed infecting victims’ computers to steal email passwords and address books to spread malicious emails from their compromised email accounts.

The TrickBot malware was first spotted in 2016 but has since developed new capabilities and techniques to spread and invade computers in an effort to grab passwords and credentials — eventually with an eye on stealing money. It’s highly adaptable and modular, allowing its creators to add in new components. In the past few months it’s adapted for tax season to try to steal tax documents for making fraudulent returns. More recently the malware gained cookie stealing capabilities, allowing attackers to log in as their victims without needing their passwords.

With these new spamming capabilities, the malware — which researchers are calling “TrickBooster” — sends malicious from a victim’s account then removes the sent messages from both the outbox and the sent items folders to avoid detection.

Researchers at cybersecurity firm Deep Instinct, who found the servers running the malware spamming campaign, say they have evidence that the malware has collected more than 250 million email addresses to date. Aside from the massive amounts of Gmail, Yahoo, and Hotmail accounts, the researchers say several U.S. government departments and other foreign governments — like the U.K. and Canada — had emails and credentials collected by the malware.

“Based on the organizations affected it makes a lot of sense to get as widely spread as possible and harvest as many emails as possible,” Guy Caspi, chief executive of Deep Instinct, told TechCrunch. “If I were to land on an end point in the U.S. State department, I would try to spread as much as I can and collect any address or credential possible.”

If a victim’s computer is already infected with TrickBot, it can download the certificate-signed TrickBooster component, which sends lists of the victim’s email addresses and address books back to the main server, then begins its spamming operating from the victim’s computer.

The malware uses a forged certificates to sign the component to help evade detection, said Caspi. Many of the certificates were issued in the name of legitimate businesses with no need to sign code, like heating or plumbing firms, he said.

The researchers first spotted TrickBooster on June 25 and was reported to the issuing certificate authorities a week later which revoked the certificates, making it more difficult for the malware to operate.

After identifying the command and control servers, the researchers obtained and downloaded the 250 million cache of emails. Caspi said the server was unprotected but “hard to access and communicate with” due to connectivity issues.

The researchers described TrickBooster as a “powerful addition to TrickBot’s vast arsenal of tools,” given its ability to move stealthily and evade detection by most antimalware vendors, they said.


Source: TechCrunch

Tags: in Uncategorized
Banner
Related Posts

Google Assistant gets more personalized through a new ‘Picks for You’ feature

May 7, 2019

May 7, 2019

In addition to Google’s plan to bring a more powerful, next-generation Google Assistant to Pixel phones, the company also introduced...

Flexible housing startup Anyplace raises $2.5M

June 3, 2019

June 3, 2019

Anyplace, a startup offering furnished rooms and apartments to anyone who’s not interested in signing a long-term lease, is announcing...

Checking in on the state of ISAs

October 7, 2019

October 7, 2019

Income share agreements (ISAs) rose to public awareness this year — if measured in press articles and discussion on “VC...

Canonical’s Mark Shuttleworth on dueling open-source foundations

April 29, 2019

April 29, 2019

At the Open Infrastructure Summit, which was previously known as the OpenStack Summit, Canonical founder Mark Shuttleworth used his keynote...

Researchers find thriving Facebook cybercrime groups with 385,000 total members

April 5, 2019

April 5, 2019

You might be surprised what you can buy on Facebook, if you know where to look. Researchers with Cisco’s Talos...

Startups Weekly: Will the Seattle tech scene ever reach its full potential?

May 4, 2019

May 4, 2019

Greetings from Seattle, the land of Amazon, Microsoft, two of the world’s richest men and some startups. I’m always surprised...

LittleBits and Disney launch Snap the Gap to teach girls STEM

April 2, 2019

April 2, 2019

LittleBits, Disney and UC Davis announced this morning that they’ve joined forces for the launch of Snap the Gap. The...

The Google Assistant can now control your Xbox One

September 26, 2019

September 26, 2019

It wasn’t so long ago that Microsoft was betting heavily on its Cortana digital assistant. That’s a bet that didn’t...

Spotify needs to crack down on labels snatching user data

June 28, 2019

June 28, 2019

Spotify seems to have learned little from the Facebook developer platform’s scandals despite getting a huge boost from the social...

Here are the trailers from Ubisoft’s E3 press conference

June 10, 2019

June 10, 2019

For a press conference that spent most of the first half on a single title (Watch Dogs: Legion), Ubisoft’s E3...

Adobe brings its Premiere Rush video editing app to Android

May 21, 2019

May 21, 2019

Adobe launched Premiere Rush, its newest all-in-one video editing tool that is essentially a pared-down version of its flagship Premiere...

This neural network detects whether faces have been Photoshopped

June 14, 2019

June 14, 2019

Using Photoshop and other image manipulation software to tweak faces in photos has become common practice, but it’s not always...

Via is launching an on-demand public transit network in the city of Cupertino

October 7, 2019

October 7, 2019

Shuttle startup Via and the city of Cupertino are launching an on-demand public transportation network, the latest example of municipalities...

Startups Weekly: Will Trump ruin the unicorn IPOs of our dreams?

January 12, 2019

January 12, 2019

The government shutdown entered its 21st day on Friday, upping concerns of potentially long-lasting impacts on the U.S. stock market....

Bird-owned Scoot deploys new electric mopeds

October 22, 2019

October 22, 2019

Scoot, owned by Bird, has just unveiled what it’s calling the Scoot Moped. At first glance, it appears to be...

Comments
Leave a Reply

Your email address will not be published. Required fields are marked *