TrickBot and COVID-19 Malicious Payloads

A malware used with COVID-19


TrickBot is no stranger to the malware universe: it is a common trojan payload that has harassed users and companies for years. With COVID-19, however, TrickBot has found a new fear factor to exploit in the hope of spreading faster.

What is TrickBot?

TrickBot is a banking trojan that appeared in the UK, often used to steal bank account information and user credentials. It would primarily inject itself into networks and introduce additional malware. Now, it’s used in conjunction with COVID-19.

How do the attacks work?

Like most malware attacks related to Coronavirus, the TrickBot campaigns were designed around message lures. These messages were falsified to appear official in an attempt to deceive the recipient. 

Microsoft’s official Security Intelligence Twitter account provided images of what some of the lures look like.


You’ll notice some basic characteristics in the email. For one, the email focuses on COVID-19 as the subject and content. Phishing attacks are designed around irrational action, so causing alarm and fear is a common tactic.

Because there is a lot of concern and fear about Coronavirus, it’s a natural weapon for phishing attacks.

As for the content, it asserts that there are some medical tests that can aid someone “without spending a dime,” though it’s rife with small grammar errors. Of course, the ultimate goal is to get the person to download and “fill out” the attached content. You can imagine that someone suffering from the disease, or who has a loved one struggling with Coronavirus, is more likely to seek aid. It doesn’t matter that tens of thousands of people are vulnerable; malicious actors know they’re easy targets.


Microsoft’s security Twitter provided other results like this one above. You’ll see the content is primarily the same, save for a few word adjustments.

“Investigation, not trick,” isn’t exactly the best way to convince someone. If you encounter an email that asserts it’s not a scam or a trick, it’s probably a scam (consider: you probably didn’t assume the email was inherently deceptive anyway).

Protecting your data

While TrickBot is a far-reaching type of Trojan Horse and poses many obstacles for personal and professional security, you can still do a few things:

  • Only trust after verification, meaning do not trust the content of the email until you verify the source of the message
  • Do not open attachments or links sent in emails/messages
  • Keep your anti-virus updated to the latest version
  • In business networks, make sure to report any suspicious email or message to IT security, especially in a remote work environment

You can also use a professional third party, such as an MSP, for active monitoring and backup options to mitigate the potential damage caused by a TrickBot attack.
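The lure traits and the checklist above, expressed as a mail-triage script. This is an added example, not code from the original post: the sample message, the rule names and the `triage` function are constructed for illustration, and the SPF/DKIM check is a simplification that assumes the `Authentication-Results` header was added by your own mail gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message modelled on the lure traits described in this post.
SAMPLE_LURE = """\
From: "Health Support" <info@example.net>
Reply-To: claims@example.org
Subject: Coronavirus: free medical tests
Authentication-Results: mx.example.com; spf=fail; dkim=none
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Get tested without spending a dime. Investigation, not trick.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="form.doc"

(constructed placeholder content)
--b1--
"""

CHECKS = {  # hypothetical rule names -> pattern searched in subject + text body
    "covid_theme": r"covid|corona\s?virus",
    "free_offer": r"without spending a dime|\bfree\b",
    "denies_being_scam": r"not (a )?(trick|scam)",
    "contains_link": r"https?://",
}

def triage(raw):
    """Return the sorted lure indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    text = " ".join(str(p.get_payload()) for p in parts
                    if p.get_content_type() == "text/plain" and not p.get_filename())
    haystack = (msg.get("Subject", "") + " " + text).lower()
    hits = {name for name, pat in CHECKS.items() if re.search(pat, haystack)}
    if any(p.get_filename() for p in parts):
        hits.add("has_attachment")
    # "Verify the source": no passing SPF or DKIM result recorded by the gateway.
    auth = msg.get("Authentication-Results", "").lower()
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        hits.add("sender_unverified")
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:  # replies routed to another domain
        hits.add("reply_to_mismatch")
    return sorted(hits)
```

A message that returns several indicators at once is a candidate for quarantine and a report to IT security rather than a verdict on its own.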

Still experiencing problems? You can reach out to Bytagig for further information and assistance.
