US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn security teams to guard against the advanced Trojan malware.
Schemes that employ TrickBot malware are cropping up again in North America, according to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI.
"A sophisticated group of cybercrime actors is luring victims, via phishing emails, with a traffic infringement phishing scheme to download TrickBot," the agencies' note in an advisory on the malware.
TrickBot is an advanced Trojan first identified in 2016. Originally designed as a banking Trojan to steal financial data, it is now a highly modular, multistage malware. Attackers often use TrickBot to drop other malware, such as Ryuk and Conti ransomware, or to serve as an Emotet downloader.
Last year, US Cyber Command and a Microsoft-led private industry group attempted to take TrickBot down; weeks later, researchers noticed a new version being distributed via spam.
In the advisory, agency officials recommend security teams block suspicious IP addresses and train employees on awareness and phishing tactics to guard against Trickbot.
The full advisory can be found here.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024