The dangerous Trickbot virus is back
Last October, a coalition of cybersecurity companies managed to partially take down the infrastructure behind the Trickbot virus.
Unfortunately, the lull was short-lived, as the malware already appears to be back.
Researchers from the specialist company Menlo Security say they have discovered the characteristic traces of the malware in a new phishing campaign.
The virus is hidden in a file attached to an email claiming that its recipient has committed an offense.
Hackers play on fear and urgency so that their targets open the document without verifying the authenticity of the email and thus allow the malware to install itself on their device.
Once opened, the malicious file connects to the command server to download Trickbot.
The malware will then retrieve the credentials saved on the machine and resell the stolen information or use it for espionage.
Fortunately, the new phishing campaign based on Trickbot is quite small for the moment, following the dismantling of part of its servers, but it could soon return to its former size.
A malicious campaign against the backdrop of the coronavirus
Originally, Trickbot was a simple Trojan horse, but during its existence it has evolved into what is called a botnet.
This is a collection of thousands of infected devices that hackers can remotely use to attack and take control of other machines.
After that, they can install other malware on the infected devices, including ransomware.
The botnet was particularly active during 2020, exploiting the coronavirus pandemic to deceive its victims and infect their machines.
It was mainly used to infiltrate corporate networks, block access and demand ransoms.
This activity caught the attention of Microsoft and its partners, who then did everything they could to disrupt it.
This is how 120 of its 128 botnet command servers were seized by court decision last October.
Unfortunately, this was not enough.
As early as November, the FBI spotted traces of its activity, as reported by Numerama.
Hackers did manage to get their hands on part of its network and exploit it.
This is how the new phishing campaign based on this botnet was born and continues to be deployed today.
In its report, Menlo Security indicates that the return of Trickbot is so far limited, as is the scale of the phishing campaign, which primarily targets American companies in the legal and insurance sectors.
But it is better to be extra careful and beware of emails from unknown senders, even if they require an urgent response or action.