Threat Watch

New Trickbot Variant

Trickbot is a malware that has been around for a while now but has developed a new delivery system. The malware deploys multiple modules into the victim’s computer to steal browser data, system information, login credentials, and banking information. The new delivery system found uses a “masking” technique that disguises itself as an email from well-known senders that include order information, contact details and social media icons of the legitimate sender. The malicious email includes a tracking link that when clicked on redirects the user to a bogus website disguised to look like the online order. The fake site then downloads a compressed file to the victim’s computer and deploys several algorithms that steal the user’s information.  By using this “masking” technique the spam email is capable of bypassing spam filters with the use of legitimate URL’s.

ANALYST NOTES

When a user makes an online purchase, the user should verify all shipping and order information directly from the seller’s website. Most online sellers do send emails for order confirmation and shipping information. When received, the user should log on to the seller’s site to verify and get the shipping information. If a user receives an email that an order has been confirmed but has not made any purchases, the user should immediately be aware that email may be fake and not open it. Verifying with the seller directly should alleviate some of the issues.