A new spear-phishing campaign is attempting to infect PCs with Trickbot, one of the most prevalent and potent forms of malware around today, a joint advisory from the FBI and CISA has warned.
Trickbot started life as a banking trojan but has become one of the most powerful tools available to cyber criminals, who are able to lease out access to infected machines in order to deliver their own malware – including ransomware. It now comes with phishing emails which claim to contain proof of a traffic violation.
Trickbot creates a backdoor onto Windows machines, allowing the attackers to steal sensitive information including login credentials, while some versions of Trickbot are capable of spreading themselves across entire networks.
The modular nature of Trickbot means it’s highly customisable, with additional attacks by the malware known to include dropping further malware – such as Ryuk or Conti ransomware – or, until recently, serving as a downloader for Emotet malware. Trickbot is also able to exploit infected machines for cryptomining.
Trickbot remains a powerful tool for cyber criminals and a clear danger for enterprises and organisations of all sizes – but there are measures recommended by CISA and the FBI which can be taken in order to help protect networks from the malware.
Providing social engineering and phishing email training to employees can help them to avoid threats by being wary of certain types of messages.