

New Trickbot Variant

June 10, 2019

Trickbot is malware that has been around for a while, but according to Trend Micro it has developed a new delivery system. The malware deploys multiple modules onto the victim’s computer to steal browser data, system information, login credentials, and banking information. The newly found delivery system uses a “masking” technique that disguises the spam as an email from a well-known sender, including the order information, contact details and social media icons of the legitimate sender. The malicious email includes a tracking link that, when clicked, redirects the user to a bogus website disguised to look like the online order. The fake site then downloads a compressed file to the victim’s computer and deploys several algorithms that steal the user’s information. By using this “masking” technique, the spam email is capable of bypassing spam filters through the use of legitimate URLs.

Analyst Notes

When a user makes an online purchase, the user should verify all shipping and order information directly on the seller’s website. Most online sellers do send emails with order confirmation and shipping information. When one is received, the user should log on to the seller’s site to verify the order and get the shipping information. If a user receives an email saying that an order has been confirmed but has not made any purchases, the user should immediately be aware that the email may be fake and should not open it. Verifying with the seller directly should alleviate some of the issues.