"Is the Trickbot Botnet Back Again?"

An analysis conducted by Menlo Security revealed that Trickbot malware has returned. According to Menlo Security, Trickbot is back with a new phishing campaign targeting users in North American insurance and legal organizations. Trickbot operators have been observed applying various phishing methods to trick users into downloading the Trojan onto their devices. The new campaign encourages users to click on a phishing link in the email, which redirects them to a compromised server. The victim is presented with a web page containing a "Download Photo Proof" button that downloads the malicious JavaScript if clicked. Previous Trickbot campaigns weaponized email attachments. Trickbot was behind many malware and ransomware attacks in 2020, exploiting the fear and confusion surrounding the COVID-19 pandemic. This Trojan can move laterally through a network, exfiltrate credentials from web browsers, steal OpenSSH keys, install additional payloads such as ransomware, and more. This article continues to discuss the recent return of Trickbot in a new malicious spam campaign, previous Trickbot campaigns, the capabilities of this malware, and Microsoft's disruption of Trickbot operations in October 2020. 

CISO MAG reports "Is the Trickbot Botnet Back Again?"