This infamous malware accidentally tattles on its own creators null
Developers of the infamous TrickBot banking trojan have accidentally coded in a feature that alerts infected users to its presence on their device.
Traditionally, TrickBot malware is distributed via phishing campaigns and operates stealthily on an infected machine, scraping credentials, stealing from cryptocurrency wallets and opening the door to secondary attacks.
It was also recently found to contain a mechanism that checks the victim’s screen resolution to determine whether it is running in a virtual machine, allowing operators to hinder the attempts of researchers to analyze the malware.
However, according to security researcher Vitali Kremez of Advanced Intel, the TrickBot creators are accidentally circulating a version that serves a warning message to users whose credentials have been stolen, thereby alerting them to the infection.
TrickBot malware
Kremez believes TrickBot’s “grabber” module is responsible for the alert, designed to scrape saved passwords and cookies from popular web browsers, including Chrome, Firefox, Internet Explorer and Edge.
When working as intended, the module allows TrickBot to stealthily lift login credentials and gain access to the victim’s online accounts – including social media, email, online retailers etc. – but in this instance accidentally reports the malicious activity to the victim.
“Warning – you see this message because the program named grabber gathered some information from your browser,” reads the pop-up alert.
“If you do not know what is happening it is the time to start be worrying (sic). Please, ask your system administrator for details.”
According to Kremez, the module is “coded in the same fashion” as the wider TrickBot malware, suggesting the same developers are responsible. The only explanation for this eccentricity, he claims, is that the creators forgot to remove the self-reporting functionality when a new test build went live.
Users served the error message are advised to disconnect from the internet and scan their machine using antivirus software. Once any malware has been removed, users should change all passwords for accounts logged into via the affected browser.
Developers of the infamous TrickBot banking trojan have accidentally coded in a feature that alerts infected users to its presence on their device. Traditionally, TrickBot malware is distributed via phishing campaigns and operates stealthily on an infected machine, scraping credentials, stealing from cryptocurrency wallets and opening the door to secondary…
Recent Posts
- A battle might be brewing as talks swirl of OpenAI working on a search engine to challenge Google’s dominance
- Multibillion-dollar Apple deal looms large in Google antitrust trial
- Everything new on Netflix in May 2024
- The Morning After: Peloton’s grim post-pandemic reality
- Netflix’s Cobra Kai season 6 will be a mega 15 episode epic released in 3 parts from July
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011