"TrickBot: Attackers Using Traffic Violation Scam to Spread Malware"
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI revealed a new phishing scheme in which attackers use fake traffic violations to infect victims with TrickBot and steal sensitive information. The attack begins when a victim receives a malicious email containing a link. Clicking the link sends the victim to a website claiming to contain proof of their traffic violation. The link to the proof downloads a malicious JavaScript file that establishes a connection with a command-and-control (C&C) server controlled by the attackers. From there, TrickBot infects the victim's machine and steals their login credentials through man-in-the-middle (MITM) attacks. The malware can also spread across an impacted network to infect other machines. The article goes on to discuss attackers' use of fake traffic violations to spread TrickBot malware, the takedown and return of this malware, and how organizations could defend against the latest TrickBot attack.
Security Intelligence reports "TrickBot: Attackers Using Traffic Violation Scam to Spread Malware"