Security researchers at Forcepoint have detected a new variant of banking Trojan TrickBot, which is now targeting crypto-currency wallets instead of traditional banking credentials.
Cybercriminals have been evolving and enhancing TrickBot since its creation, adding new regional banks to its target list. It’s no surprise that cybercriminals are focussing their efforts on obtaining access to digital currency accounts given the popularity of those and enterprises are continuing to see a barrage of emails containing malicious docs and macro downloaders . The lure within the initial email that would find its way into end-user inboxes matches the theme of the attached MS Word document – that of a bank notifying of a “secure message”. The crypto-currency exchange site targeted manages multiple currencies thus offering a wider platform for abuse by the cyber criminals once they succeed in harvesting the account credentials
As the first to identify this threat, Forcepoint have this morning shared its findings: https://blogs.forcepoint.com/security-labs/trickbot-goes-after-cryptocurrency