TrickBot was first discovered in 2016 and has remained a continuously active and dangerous piece of malware in the field of cybercrime. Now this popular malware is back in action: it has infected around 250 million email accounts, and the number is still growing.
According to research agency Deep Instinct, some email accounts belonging to the governments of the US, UK, and Canada have also been infected by the TrickBot malware.
How is “TrickBot” Infecting Email Accounts?
The recent addition of a cookie-stealing module has made TrickBot more effective and dangerous. This new cookie-based module is a malicious email-based infection and distribution module which shares its code-signing certificates.
This module is designed to harvest email credentials and accounts. It sends out malicious spam emails from the victim's email account and then deletes the sent mail from both the ‘Outbox’ and ‘Trash’ sections so that the user does not detect it.
Deep Instinct says that this malware campaign is used for various purposes: propagation and infection, spreading spam for monetization purposes, and harvesting email accounts which can then be traded and used by other campaigns.
After investigating, Deep Instinct found that the database of infected accounts includes 25 million Gmail accounts, 11 million Hotmail accounts, 19 million Yahoo accounts, and millions of email accounts from other providers such as AOL and MSN.
Note that if your device has been infected by Trickbooster, TrickBot will try to download TrickSpammer. TrickSpammer is signed with a valid certificate, and once it is downloaded, this malware starts sending user information to the main server. This information can then be used to hack your email account.