Researchers have discovered that TrickBot, a credential-theft botnet operated by the Gold Blackburn threat group, has been modified to target mobile device users on Sprint, T-Mobile, and Verizon cellular networks.
The research, conducted by the Counter Threat Unit Research Team at SecureWorks, found that TrickBot is using its traditional techniques — a man-in-the-middle attack that captures a web session, routes it to a command-and-control server where code is injected to request user credentials, then sends the page to the victim — in requests to the websites run by the three cellular networks.
According to the report, the PIN requested by the malicious form indicates that the criminals are interested in perpetrating SIM-swap fraud.
For more, read here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "The Right to Be Patched: How Sentient Robots Will Change InfoSec Management."