More than 250 million email accounts may have been hacked and used to spread Trickbot malware on the Internet, according to a survey by digital security firm DeepInstinct. The result of the investigation was released last Friday (12) and indicates that millions of Gmail, Yahoo and Hotmail addresses may have been affected, as well as accounts from governments and public institutions in the United States, United Kingdom and Canada.
Trickbot has been known to Internet security researchers since 2016, when it was "just" a banking trojan. In the current attacks, the malware has gained an email-based infection and distribution module and a cookie theft capability. It now takes over the victim's email account to send spam to their contacts, infecting more people and stealing bank data, and then erases everything to leave no trace.
In its investigation into the new malware module and its associated infrastructure, DeepInstinct was able to retrieve a database containing 250 million email accounts collected by TrickBot operators.
The malware-infected machine is instructed to download a distribution program called TrickBooster. This software reports to the command server and sends it lists of credentials and email addresses collected from the address book, inbox, and outbox.
The server then instructs the bot to send malicious spam emails to these addresses through the victim's account, and soon after erases the sent messages from both the sent folder and the trash to leave no trace. The strategy may be used to propagate and infect new accounts and to spread spam for financial purposes.
Figure: DeepInstinct infographic showing how Trickbot works. Image: DeepInstinct
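The send-then-erase behaviour described above leaves a pattern a defender can look for in mailbox audit data. The following Python is an added example, not code from DeepInstinct or from the original article; the event format, folder names, time window and threshold are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict

# Constructed audit events (not real data):
# (epoch_seconds, account, action, folder, msg_id)
SAMPLE_EVENTS = [
    (1000, "alice@example.org", "send", "Sent", "m1"),
    (1002, "alice@example.org", "send", "Sent", "m2"),
    (1004, "alice@example.org", "send", "Sent", "m3"),
    (1010, "alice@example.org", "delete", "Sent", "m1"),
    (1011, "alice@example.org", "delete", "Sent", "m2"),
    (1012, "alice@example.org", "delete", "Sent", "m3"),
    (1015, "alice@example.org", "delete", "Trash", "m1"),
    (1016, "alice@example.org", "delete", "Trash", "m2"),
    (1017, "alice@example.org", "delete", "Trash", "m3"),
    # Ordinary user: deletes one sent item hours later, never purges trash.
    (2000, "bob@example.org", "send", "Sent", "n1"),
    (2500, "bob@example.org", "send", "Sent", "n2"),
    (9000, "bob@example.org", "delete", "Sent", "n1"),
]

WINDOW_SECONDS = 300  # assumption: purge happens soon after sending
MIN_PURGED = 3        # assumption: purged sends needed to flag an account


def purged_sends(events, window=WINDOW_SECONDS):
    """Map account -> msg_ids that were sent, then removed from both
    Sent and Trash within `window` seconds of being sent."""
    sent_at, last_removal = {}, {}
    removed_from = defaultdict(set)
    for ts, account, action, folder, msg_id in sorted(events):
        key = (account, msg_id)
        if action == "send":
            sent_at[key] = ts
        elif action == "delete" and key in sent_at:
            removed_from[key].add(folder)
            last_removal[key] = ts
    result = defaultdict(list)
    for key, folders in removed_from.items():
        fast = last_removal[key] - sent_at[key] <= window
        if {"Sent", "Trash"} <= folders and fast:
            result[key[0]].append(key[1])
    return dict(result)


def suspicious_accounts(events, min_purged=MIN_PURGED):
    """Accounts with at least `min_purged` send-then-purge messages."""
    hits = purged_sends(events)
    return sorted(a for a, ids in hits.items() if len(ids) >= min_purged)


if __name__ == "__main__":
    print(suspicious_accounts(SAMPLE_EVENTS))
```
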
The email database recovered by DeepInstinct contains millions of addresses from popular providers such as Gmail and Yahoo, but it also has a sizable sample of major government accounts in both the United States and the United Kingdom. Other organizations found include universities in the United Kingdom and Canada, and various provincial agencies in Canada.
"We were able to retrieve a database containing 250 million email accounts collected by TrickBot operators, which were probably also used as malicious delivery and infection target lists. The database includes millions of departmental and government agency addresses in the US and the UK," details the company's official note.
The research center also released the number of accounts that may have been affected, broken down by email provider:
- Gmail 25 million
- Yahoo 19 million
- Hotmail 11 million
- AOL 7 million
- MSN 3 million
- Yahoo.co.uk 2 million
DeepInstinct researchers say more analysis is being done on Trickbot, but said in an interview with TechCrunch that the incorporation of TrickBooster was "a powerful addition to TrickBot's vast arsenal of tools" given the module's ability to avoid detection by most antivirus products. Spam sent from a trusted address also increases the chances that victims will open infected attachments.
Discovered in 2016, Trickbot has presented itself as an ongoing threat in recent years, with great adaptive power in the cybercrime landscape. Once a malware family focused on stealing financial data, Trickbot is now a more sophisticated threat that serves different types of malicious activity.