
TrickBooster

Posted: July 18, 2019

TrickBooster is an e-mail-based module for Trojan.TrickBot, a threat that can compromise bank accounts and conduct other attacks against your PC. TrickBooster hijacks victims' e-mail accounts to compromise the system further, send spam, and carry out other activities, and it targets most e-mail services. Have anti-malware products available for removing TrickBooster and Trojan.TrickBot, and change all login information immediately after disinfection.

The New Tricks Hiding Up a Bot's Sleeve

The years-old Trojan.TrickBot is up to brand-new attacks, courtesy of an extra module that a threat actor is tacking onto the Windows program. This modular component is sufficiently complex and invasive that it warrants research of its own under the label TrickBooster, so named because its features 'boost' the spread and information theft of the banking Trojan's campaigns. TrickBooster's activity has been ongoing for an unknown time, with current estimates of its potential arriving at figures of well over two hundred million compromised e-mail accounts.

TrickBooster is a self-contained module that runs inside the Trojan.TrickBot framework and facilitates that Trojan's collection of bank account credentials and other information. TrickBooster does this by compromising logins for e-mail accounts, including Gmail, Yahoo, and other, mostly general-purpose providers. Concerningly, malware experts also see cases of TrickBooster's victims including government e-mail addresses for North American and European nations.

Once it hijacks the account, TrickBooster uses it for sending corrupted e-mails and C&C communications, and deletes the evidence of having done so afterward. TrickBooster carries this stealth into its installation and persistence routines, which carefully remove the tracks of the infection's vectors, such as the module-installing executable. As a result, many cyber-security products will not detect TrickBooster or, presumably, its modernized version of Trojan.TrickBot.

Don't Give a Boost to Trojan Spam

The most direct reason for criminals to harvest e-mail accounts is to send spam that could cause further TrickBooster and Trojan.TrickBot infections. However, these e-mails and credentials are equally valuable for selling on the black market to third parties, or for propagating unrelated schemes and Trojan campaigns. Users can lower the risks from these attacks by not reusing their e-mail login credentials for other accounts, by scanning e-mail attachments and checking sender addresses before opening them, and by avoiding activating advanced content like macros.

The stealth features in use by campaigns running TrickBooster include the inconsistent use of digital certificates associated with genuine companies. These characteristics and other means of evasion by newly-analyzed threats can be countered by keeping one's security software updated to the latest versions and databases available. Competent anti-malware products should remove TrickBooster and the original Trojan.TrickBot infection, but can't undo the theft of passwords or loss of account privacy.

TrickBooster is something new for Trojan.TrickBot – a weaponized version of e-mail access that turns a relatively contained threat into a widely-distributed one. When Trojans are walking over the boundaries of digital communication, it's those who don't watch over their devices and computers closely who pay the price first.
