The widespread malware TrickBot is back, and this time it has gained new capabilities such as stealing cookies. So far, it has infected around 250 million Gmail accounts.
According to the research firm Deep Instinct, the affected accounts include some belonging to the governments of the US, the UK, and Canada.
How Is TrickBot Hacking Accounts?
The new malicious capability (called TrickBooster) harvests user credentials and contacts and sends out malicious emails from the victim’s email account. It then deletes the sent mail from both the outbox and the trash folder so that the user does not notice TrickBot's activity.
The malware campaign has various purposes such as “propagation and infection, spreading spam for monetization purposes, and harvesting email accounts which can then be traded and used by other campaigns.”
The investigation reveals that the database of infected accounts includes around 25 million Gmail accounts, 19 million Yahoo accounts, 11 million Hotmail accounts, and millions of AOL, MSN, and Yahoo.co.uk accounts.
Additionally, if the devices are already infected with TrickBooster, TrickBot will download TrickSpammer, which is signed with a valid certificate. Once downloaded, the malware will send user information to the main server and eventually hack the email accounts.
This isn’t the first time!
TrickBot was first detected back in 2016 when it started out on a malicious path as a financial data thief. However, due to the adaptive and modular nature of the malware, it’s easy to add new abilities to the trojan for the fulfillment of new motives.
TrickBot recently got the ability to steal cookies from websites. Called Cookie Grabber, the new module began stealing cookies from browsers to get hold of user accounts without the need for a password.
First discovered on June 25, the TrickBooster feature in TrickBot has been referred to as one of the most advanced abilities of the malware. With its help, TrickBot is now able to perform its task with perfection.