Microsoft: The biggest risk for businesses is cyberattacks
infosec

Microsoft: The biggest risk for businesses is cyberattacks

According to a survey by Marsh and Microsoft, the biggest threat to businesses is cyberattacks. Nowadays,...
Read More
infosec

How to fix iOS 13 bugs in iPhone Mail app

If you have upgraded to iOS 13, then you may have discovered that the Mail app behaves a bit weird, which is ...
Read More
infosec

Check if your folders have malware with Windows Defender!

Windows comes with a free antivirus program, called Windows Defender, that offers continuous protection as well as the ability to ...
Read More
infosec

TalkTalk hackers have also invaded EtherDelta

US authorities accuse two suspects of hacking EtherDelta (cryptocurrency exchange company) in December ...
Read More
infosec

Hacking Attack on Iran's Oil Infrastructure by America?

Iran denies that its oil infrastructure has been successfully hacked by a government operation, following reports ...
Read More
Latest Posts

TrickBot: New feature allows SIM swapping attacks!

TrickBot

The trojan TrickBot is one of the most active and widespread malware. According to researchers, hackers have improved the trojan to be able to perform "YES swapping attacks».

The new version of TrickBot can steal logon credentials and PINs on behalf of Sprint, T-Mobile and Verizon Wireless.

TrickBot collects data, enabling the hackers perform SIM swapping attackthat is, to transfer the victim's phone number to a SIM card they control themselves.

Through this attack, hackers can bypass SMS-based multi-agent authentication solutions and reset codes access to bank accounts, accounts e-mail or the cryptocurrency exchange portals of the victims.

In the last two years, SIM swapping attacks have become very popular. They are mainly used for theft of money.

Initially, TrickBot was used as a banking trojan but evolved into one Access-as-a-Service model. This means that other hackers can develop maliciously programs on computers that had previously infected TrickBot.

This automatically creates one cooperation between the team behind TrickBot and other criminal groups. This is very worrying because they can join forces to carry out more attacks. For example, TrickBot operators could give other hackers the data they collect to exploit it in other ways.

How do you know if you've been a victim of TrickBot?

It is difficult to see if it has been affected by the malicious software, unless it uses a top antivirus program. However, there are some things that can help you understand if something strange is happening.

TrickBot uses a technique known as «Web injects». Basically, it comes in legally sites that a user visits and installs malicious content.

According to researchers, TrickBot began affecting the Verizon Wireless login page on 5 in August, when it added two new user PINs to the Verizon login form.

Verizon usually does not request this PIN through its website. Therefore, TrickBot was able to steal them credentials and the PIN of the users who made this connection.

The attacks on T-Mobile and Sprint took place on 12 August and 19 August respectively. In these attacks the hackers followed a different process.

They did not add the PIN field to the regular login form, but to a separate page that appeared after the successful login, as shown below.

If users of Sprint, T-Mobile and Verizon Wireless have seen these pages, then most likely computers they have been infected with TrickBot.

If this is the case, they will need to take care of cleaning their computer and changing their credentials and PINs.

TrickBot operators have proven to be ruthless and constantly finding new ways to develop malware, as they have now been enabled to carry out SIM swapping attacks. Therefore, we must be very careful!

How useful was this post?

Average rating / 5. Vote count:

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by
Absent Mia

About Absent Mia

Being your self, in a world that constantly tries to change you, is your greatest achievement

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *