Threat Management, Malware

TrickBot updated to target mobile carrier customers’ PIN codes

Share

The developers behind TrickBot have modified the banking trojan to target customers of major mobile carriers, researchers have reported.

TrickBot secretly intercepts infected users' network traffic and routes it to a malicious server. The server then injects additional HTML and JavaScript code before the web browser is able to render the page. Such man-in-the-browser attacks typically modify the page to include language and visuals designed to fool users into providing their sensitive information.

As of August, the dynamic webinjects that TrickBot uses were updated to target Verizon Wireless, T-Mobile and Sprint, according to a blog post this week from Secureworks' Counter Threat Unit Research Team. When infected users visit the website of any of these carriers, TrickBot's C2 server will serve up a fake form field that asks them to enter their PIN code and, at least in certain cases, their username and password.

Noting the malicious PIN code request, Secureworks theorizes that the malware developers – a group the researchers refer to as Gold Blackburn (and affiliates) – may be interested in port-out or SIM swap fraud schemes. Secureworks recommends that wireless device owners protect themselves by using time-based one-time password multi-factor authentication instead of SMS-based MFA, enabling PINs on mobile accounts, and avoiding using telephone numbers as a password reset option.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.