TrickBot: New feature allows SIM swapping attacks!

The TrickBot trojan is one of the most active and widespread pieces of malware. According to researchers, hackers have improved the trojan so that it can be used to carry out "SIM swapping attacks".

The new version of TrickBot can steal login credentials and PIN codes for Sprint, T-Mobile and Verizon Wireless accounts.

TrickBot collects the data that enables the hackers to carry out a SIM swapping attack, i.e. to transfer a victim's phone number to a SIM card that they control themselves.

Through this attack, hackers can bypass SMS-based multi-factor authentication solutions and proceed to reset the access codes to the victims' bank accounts, email accounts or cryptocurrency exchange portals.

In the last couple of years, SIM swapping attacks have become very popular. They are mainly used to steal money.

Originally, TrickBot was used as a banking trojan, but it evolved into an Access-as-a-Service model. This means that other hackers can deploy malicious programs on computers previously infected by TrickBot.

This automatically creates cooperation between the group behind TrickBot and other criminal groups. This is very worrying because they may join forces to carry out bigger attacks. For example, the TrickBot operators could give other hackers the data they collect so that it can be exploited in other ways.

How do you know if you have been a victim of TrickBot?

It is difficult to tell if you have been affected by the malicious software, unless you use a top virus detection program. However, there are a few things that can help you tell if something strange is going on.

TrickBot uses a technique known as "web injects". Essentially, it tampers with legitimate sites that a user visits and inserts malicious content into their pages.

According to researchers, TrickBot began affecting the Verizon Wireless login page on August 5, when it added two new fields for users' PIN code to the Verizon login form.

Verizon does not usually request this PIN through its website. TrickBot was therefore set up to steal the credentials and the PIN code of the users who logged in this way.

The attacks on T-Mobile and Sprint took place on 12 August and 19 August respectively. In these attacks the hackers followed a different process.

They did not add the PIN field to the regular login form, but to a separate page that appeared after the successful login, as shown below.

If Sprint, T-Mobile and Verizon Wireless users have seen these pages, then their computers have probably been infected with TrickBot.

If this has happened, they will have to clean their computer and change their credentials and PINs.
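The tell described above is a login form carrying fields that the carrier's real page does not have. As an added example (not from the original article or the researchers), the following Python compares the form controls in a saved copy of a rendered page against a known-good baseline; the baseline field names and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser

# Assumed baseline (constructed names, not taken from any carrier's site):
# the controls the genuine login form is known to contain.
BASELINE_FIELDS = {"username", "password", "remember_me", "csrf_token"}

class FormFieldCollector(HTMLParser):
    """Collect (form_index, name, kind) for every control inside a <form>."""
    def __init__(self):
        super().__init__()
        self.form_index, self.in_form, self.fields = -1, False, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.form_index, self.in_form = self.form_index + 1, True
        elif tag in ("input", "select", "textarea") and self.in_form:
            # Fall back to id when name is missing; unnamed controls stay "".
            name = (attrs.get("name") or attrs.get("id") or "").strip().lower()
            kind = (attrs.get("type") or tag).lower()
            if kind not in ("submit", "button", "reset"):
                self.fields.append((self.form_index, name, kind))

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def unexpected_fields(dom_html, baseline=BASELINE_FIELDS):
    """Return controls present in the rendered form but absent from the baseline."""
    collector = FormFieldCollector()
    collector.feed(dom_html)
    collector.close()
    return [f for f in collector.fields if f[1] not in baseline]

# Constructed sample: a rendered login form carrying two extra PIN fields.
SAMPLE_DOM = """
<form action="/login" method="post">
  <input type="hidden" name="csrf_token" value="x">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="password" name="pin">
  <input type="password" name="pin_confirm">
</form>
"""

if __name__ == "__main__":
    for form, name, kind in unexpected_fields(SAMPLE_DOM):
        print(f"form #{form}: unexpected field {name!r} (type={kind})")
```

The input has to be the DOM as rendered in the suspect browser, because web injects alter the page on the infected machine and a copy fetched from a clean host will match the baseline.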

TrickBot's operators have proven to be ruthless and are constantly finding new ways to evolve the malware, such as now enabling it to carry out SIM swapping attacks. Therefore, we must be very careful!

Absenta Mia