Wednesday, June 3, 05:17

TrickBot: New feature allows SIM swapping attacks!

The TrickBot trojan is one of the most active and widespread pieces of malware. According to researchers, hackers have improved the trojan so that it can be used to perform "SIM swapping attacks".

The new version of TrickBot can steal login credentials and PINs for Sprint, T-Mobile and Verizon Wireless accounts.

TrickBot collects data that enables the hackers to perform a SIM swapping attack, that is, to transfer the victim's phone number to a SIM card they control themselves.

Through this attack, hackers can bypass SMS-based multi-factor authentication solutions and reset the access codes for victims' bank accounts, e-mail accounts or cryptocurrency exchange portals.

In the last two years, SIM swapping attacks have become very popular. They are mainly used for theft of money.

Initially, TrickBot was used as a banking trojan, but it evolved into an Access-as-a-Service model. This means that other hackers can deploy malicious programs on computers that TrickBot had previously infected.

This automatically creates a cooperation between the team behind TrickBot and other criminal groups. This is very worrying because they can join forces to carry out more attacks. For example, TrickBot operators could give other hackers the data they collect to exploit it in other ways.

How do you know if you've been a victim of TrickBot?

It is difficult for a user to tell whether they have been affected by the malicious software unless they use a top antivirus program. However, there are some signs that can help you understand if something strange is happening.

TrickBot uses a technique known as "web injects". Basically, it intervenes in legitimate sites that a user visits and inserts malicious content into them.

According to researchers, TrickBot began targeting the Verizon Wireless login page on August 5, when it added two new fields for the user's PIN to the Verizon login form.

Verizon usually does not request this PIN through its website. Therefore, TrickBot was able to steal the credentials and the PIN of the users who logged in through this form.

The attacks on T-Mobile and Sprint took place on 12 August and 19 August respectively. In these attacks the hackers followed a different process.

They did not add the PIN field to the regular login form, but to a separate page that appeared after the successful login, as shown below.

If users of Sprint, T-Mobile and Verizon Wireless have seen these pages, then their computers have most likely been infected with TrickBot.

If this is the case, they will need to take care of cleaning their computer and changing their credentials and PINs.
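The check described above (a login form that suddenly asks for a PIN the site does not normally request) can be automated by comparing a page saved from a suspect machine against a known-good copy. This is an added example, not code from the researchers or the carriers; the HTML samples and field names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

SECRET_WORDS = {"pin", "passcode", "password"}  # name parts that suggest a secret


class InputCollector(HTMLParser):
    """Collect (name, type) for every <input> element in a page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            name = (a.get("name") or a.get("id") or "").lower()
            self.fields.append((name, (a.get("type") or "text").lower()))


def extract_fields(html):
    collector = InputCollector()
    collector.feed(html)
    return collector.fields


def injected_fields(baseline_html, observed_html):
    """Return (name, type, asks_for_secret) for each input that appears in the
    observed page but not in the known-good baseline."""
    known = {name for name, _ in extract_fields(baseline_html)}
    findings = []
    for name, itype in extract_fields(observed_html):
        if name not in known:
            words = set(re.split(r"[^a-z0-9]+", name))
            findings.append((name, itype, itype == "password" or bool(words & SECRET_WORDS)))
    return findings


# Constructed samples: the carrier's normal form, and the same form as rendered
# in an infected browser with two extra PIN fields added by a web inject.
BASELINE_HTML = """<form action="/login" method="post">
<input type="text" name="username"><input type="password" name="password">
<input type="hidden" name="csrf"></form>"""
OBSERVED_HTML = BASELINE_HTML.replace(
    "</form>",
    '<input type="password" name="account_pin">'
    '<input type="password" name="account_pin_confirm"></form>')

if __name__ == "__main__":
    for finding in injected_fields(BASELINE_HTML, OBSERVED_HTML):
        print("unexpected field:", finding)
```

Because web injects modify the page inside the victim's browser, the observed copy has to come from the endpoint (for example, a page saved from the suspect machine), not from the server.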

TrickBot operators have proven to be ruthless and are constantly finding new ways to develop their malware, which can now be used to carry out SIM swapping attacks. Therefore, we must be very careful!


Absent Mia