25 millions devices infected by the Android malware Agent Smith
In the large world of malwares, Trickbot software stands out by its uniqueness. Originally identified in 2016 by cybersecurity experts, this banking and information stealing Trojan continue to operate and still is a serious threat today. The latest research on the malware shows that it has developed new modules that allows it to infect computer systems even more quickly and efficiently through the user's email.
Besides targeting a large number of international banks, Trickbot can also steal from Bitcoin wallets, by injecting code in a webpage its victim visits.
TrickBot typically spreads via malicious email spam emails, saying, for example, that an invoice has been left unpaid, and forces the user to enter its banking information.
Another method implies joining a Microsoft Word document saying “Protected Document” which forces the user, by curiosity, to click on the button “Enable Editing”, and then infect the victim’s machine.
Millions of these stolen email addresses are linked to employees and government agencies in the United-States, according to the cyber security firm Deep Instinct.
TrickBot can steal not only the victim’s list of email contacts but also his or her own e-mail credentials, and sends that information to a malicious server. The data will then be sold and traded later on the dark web.
Once it’s done, the server will send commands to the malware to use the compromised email account to send malicious emails to other email addresses previously harvested, spreading the malicious software and stealing even more data to sell on the dark web.