Cybercriminals are becoming smarter than ever, designing viruses and other malware that appear legitimate but are actually very aggressive.
One example of a low-key yet dangerous threat is the so-called TrickBot malware.
What is TrickBot Malware?
The TrickBot malware has been around for quite some time, compromising millions of personal email accounts and attacking corporate networks.
The first recorded TrickBot attack happened in 2016. Although more than 3 years have passed, it remains strong and powerful. In fact, it seems to have evolved into a more powerful malicious entity with more functionalities that make it scarier than before. Businesses even consider it a top threat.
TrickBot Malware and ActiveX Control
Recently, there has been talk that a group of hackers is using TrickBot malware in phishing campaigns. They take advantage of the remote ActiveX Control feature in Microsoft Word 2007 docs to execute malicious macros. Once initiated, ActiveX Control automatically launches a malware downloader called Ostap, which immediately communicates with its server. What makes this interesting is that all of it starts with phishing.
It is said that cybercriminals send out fake emails to victims, informing them of a missed payment. The emails contain fake invoice attachments, which, in truth, are just booby-trapped Word documents.
When the Microsoft Word document is opened, a part of the malicious macro is executed. The moment the document is closed, all other macros run. Obviously, the attack is cleverly designed to thwart any behavioral analysis attempts.
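For mail or endpoint triage, the combination described above (a Word attachment carrying both a macro project and ActiveX control parts) can be checked statically without opening the file. The following is an added example, not code from the original article: the function names, the verdict policy and the sample packages are assumptions constructed for illustration, while the part names follow the standard Word OOXML package layout.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container signature

def triage_word_attachment(data: bytes) -> dict:
    """Static triage of a Word attachment: look for a VBA project and ActiveX parts."""
    report = {"format": "unknown", "has_vba": False, "activex": [], "verdict": "pass"}
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: this script cannot inspect it, so send it to review.
        report.update(format="ole", verdict="review")
        return report
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return report  # not an OOXML package at all
    with zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return report  # a zip, but not an Office package
        report["format"] = "ooxml"
        for name in names:
            low = name.lower()
            if low.endswith("vbaproject.bin"):
                report["has_vba"] = True
            elif low.startswith("word/activex/") and "/_rels/" not in low:
                report["activex"].append(name)
    # Assumed policy: macros together with ActiveX controls are quarantined,
    # either one alone goes to manual review.
    if report["has_vba"] and report["activex"]:
        report["verdict"] = "quarantine"
    elif report["has_vba"] or report["activex"]:
        report["verdict"] = "review"
    return report

def build_sample(parts: dict) -> bytes:
    """Build an in-memory package with placeholder parts (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

CLEAN = build_sample({})
MACRO_ONLY = build_sample({"word/vbaProject.bin": b"placeholder"})
MACRO_ACTIVEX = build_sample({"word/vbaProject.bin": b"placeholder",
                              "word/activeX/activeX1.xml": "<ocx/>",
                              "word/activeX/activeX1.bin": b"placeholder",
                              "word/activeX/_rels/activeX1.xml.rels": "<Relationships/>"})
```

A "pass" here only means neither indicator is present in the package; it says nothing about links or other content in the document.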
Other Effects of the TrickBot Malware
Originally a banking Trojan, TrickBot is designed to steal financial and banking information from the computers of unsuspecting victims. It spreads through phishing emails that are sent across the networks of organizations and companies.
Sometimes, the malware disguises itself as a fake company newsletter sent by the HR department to everybody in the organization. Often, it pretends to be a fake resume sent by a candidate to the human resources department.
Once the malware penetrates an organization’s network, it quickly wreaks havoc in as many ways as possible. One way it exploits an organization’s vulnerabilities is through the Server Message Block (SMB), which is a file-sharing protocol used by many companies. This protocol allows users within the network to access and share files with ease.
While this malware can take many forms, one thing is clear. It surely knows how to disguise itself and hide in a Microsoft Word file attached to phishing emails.
To summarize what the TrickBot malware does, here’s how it works in four phases:
- Phase 1: The computer of the victim gets infected with malware. It receives instructions from the malware’s server to download a malware downloader.
- Phase 2: The downloader will then report back to its server, sending a list of collected information from the victim’s computer.
- Phase 3: The server then instructs the malware to send fake emails using the victim’s email accounts.
- Phase 4: The malware will then send out fraud and spam emails to further spread the infection.
Keep Your Computer Protected Against TrickBot Malware
Clearly, this malware entity is very sneaky in nature, making it hard to detect. However, you can still protect yourself against it.
Here are some preventive tips to keep TrickBot from infecting your PC and collecting your data:
- Install any available app and Windows updates. These updates and patches are released to strengthen your device’s security. Install them right away.
- Keep your anti-malware software
- Think before you click. Make sure that you only open emails coming from trusted and known sources. Avoid clicking suspicious attachments. As you may know, phishing emails are the top distribution channel of the TrickBot malware.
- Clear your device of any junk and unwanted files using a trusted PC repair tool. Sometimes, malware entities disguise themselves as cache or log files. You don’t want any of them hiding on your computer, right?
Don’t be deceived by the TrickBot malware. It may appear like a harmless entity at first, but once it starts its malicious activity, a lot of your personal and sensitive information may be compromised. At the end of the day, awareness and prevention are the two important things that can protect you and your computer from being infected.
If you suspect that the TrickBot malware has successfully infiltrated your system, don’t worry. There are many ways to get rid of the TrickBot malware.
Have you encountered this new and improved TrickBot malware that adds ActiveX Control? Share your experience in the comments!