Tax Day is fast approaching, and reports of a notorious data-capturing malware campaign called TrickBot are on the rise. Hackers around the world are pushing the Trojan through spam campaigns to fully exploit the tax season.
TrickBot has been known to infect vulnerable devices on a network, looking for passwords and banking details that it relays back to the attacker. This information helps the attacker steal money. The malware keeps developing as it accumulates more and more credentials.
Hackers mainly push TrickBot through malicious Microsoft Excel spreadsheets circulated in spam campaigns. IBM X-Force has warned that the malware needs only one unsuspecting victim to infiltrate an organization. They said in their analysis: “The average user will probably not notice any infections by TrickBot directly. Network admins, however, may eventually see changes in traffic or attempts to connect to blacklisted IPs and domains when the malware tries to connect to its command-and-control (C&C) servers.”
The malware was found in 2016 and has evolved at a fast pace since then. IBM X-Force researchers have said that it has new code injection techniques, an updated info-stealing module and a customized redirection method.
Cybersecurity researchers have asked people to be vigilant and wary of unsolicited tax-related emails. Further, keeping all critical and non-critical systems up to date and patched is crucial. Beyond this, keeping macros disabled by default in Office documents and blocking all URL- and IP-based IoCs at firewalls is advised.
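The network-side signal IBM X-Force describes, hosts attempting to reach blocklisted IPs and domains, can be checked against proxy or firewall logs. The following is an added example, not code from the article or from IBM X-Force; the log format, the function names and every indicator in it are constructed assumptions (documentation IP ranges and reserved domain names, not real TrickBot IoCs).

```python
import ipaddress
from collections import defaultdict

# Constructed IoC feed: documentation ranges and reserved TLDs, not real indicators.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")]
BLOCKED_DOMAINS = {"c2-gate.example", "updates.badhost.test"}

# Constructed log lines in an assumed format: "<timestamp> <client_ip> <dest_host> <dest_port>"
SAMPLE_LOG = """\
2019-04-10T09:14:02Z 10.0.4.21 intranet.example.org 443
2019-04-10T09:14:07Z 10.0.4.21 203.0.113.9 443
2019-04-10T09:15:31Z 10.0.7.3 cdn.c2-gate.example 443
2019-04-10T09:15:40Z 10.0.7.3 notc2-gate.example 443
2019-04-10T09:16:12Z 10.0.4.21 UPDATES.badhost.test. 8443
malformed line
2019-04-10T09:17:00Z 10.0.9.9 203.0.113.200 443
"""

def is_blocked(dest):
    """True if dest is an IP inside a blocked network, or a blocked domain or a subdomain of one."""
    host = dest.strip().rstrip(".").lower()  # normalise case and trailing root dot
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: compare whole label suffixes so that
        # "notc2-gate.example" does not match "c2-gate.example".
        labels = host.split(".")
        return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))
    return any(addr in net for net in BLOCKED_NETS)

def find_hits(log_text):
    """Return {client_ip: [(timestamp, dest, port), ...]} for connections to blocked destinations."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than abort the scan
        ts, client, dest, port = fields
        if is_blocked(dest):
            hits[client].append((ts, dest, port))
    return dict(hits)

if __name__ == "__main__":
    for client, events in sorted(find_hits(SAMPLE_LOG).items()):
        print(f"{client}: {len(events)} connection(s) to blocklisted destinations")
        for ts, dest, port in events:
            print(f"  {ts} -> {dest}:{port}")
```

Grouping hits by internal client rather than by destination points straight at the machines to isolate and inspect.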