Trickbot is malware that has been around for a while but has developed a new delivery system. It deploys multiple modules onto the victim’s computer to steal browser data, system information, login credentials, and banking information. The new delivery system uses a “masking” technique: the spam is disguised as an email from a well-known sender and includes order information, contact details, and the social media icons of the legitimate sender. The malicious email contains a tracking link that, when clicked, redirects the user to a bogus website disguised to look like the online order. The fake site then downloads a compressed file to the victim’s computer and deploys several algorithms that steal the user’s information. By using this “masking” technique with legitimate URLs, the spam email is capable of bypassing spam filters.