Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • TrickBot Malware Warning Victims of Infection by Mistake
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

TrickBot Malware Warning Victims of Infection by Mistake

6 years ago David Bisson
TrickBot Malware Warning Victims of Infection by Mistake

Security researchers observed some variants of the TrickBot malware family mistakenly warning victims that they had suffered an infection.

Advanced Intel’s Vitali Kremez traced the mistake to “password-stealing grabber.dll.” This module is responsible for stealing browser credentials and cookies from Google Chrome, Microsoft Edge and other web browsers that are stored on a victim’s machine. Upon receiving this collected information, those responsible for TrickBot can then use the credentials to authenticate themselves on a victim’s accounts.

Kremez observed that the TrickBot attackers had specifically deployed their malware with a test version of password-stealing grabber.dll. Upon execution, that module spawned a warning message in a victim’s browser informing them that a program was gathering their browser information.

The warning message mistakenly displayed by TrickBot’s password grabber module. (Source: Bleeping Computer)

Warning
You see this message because the program named grabber gathered some information from your browser.
If you do not know what is happening it is the time to start be worrying.
Please, ask your system administrator for details.

Reflecting on his discovery, Kremez told Bleeping Computer that the TrickBot gang had likely been testing a new feature and had neglected to remove that warning message when they began distributing it in the wild.

This wasn’t the first time that TrickBot made news at the end of H1 2020. In mid-June, for instance, researchers came across an attack email that leveraged a fake Black Lives Matter voting campaign to distribute Trickbot malware. That was a few weeks before security analysts spotted Trickbot malware checking the screen resolution as a means of evading analysis on a virtual machine (VM). About a week later, security researchers observed Conti ransomware sharing the same TrickBot infrastructure as used by Ryuk for its attack campaigns.

Kremez instructed any victims who saw the warning message displayed above to disconnect their computers from the network and to perform a scan using their anti-virus software. Once the malware is removed, they should change the credentials for any web accounts whose data they might have stored in their web browsers.

The post ” TrickBot Malware Warning Victims of Infection by Mistake” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Encryption, Google, Google Chrome, Malware, Microsoft, Ransomware, TripWire

Continue Reading

Previous A ‘New Age’ of Sophisticated Business Email Compromise is Coming
Next Secret Service Creates Cyber Fraud Task Forces

More Stories

  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

14 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

16 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

18 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help

19 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

Why Agentic AI Is Security’s Next Blind Spot

21 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

22 hours ago [email protected] (The Hacker News)

Recent Posts

  • New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
  • RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
  • New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
  • Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help
  • Why Agentic AI Is Security’s Next Blind Spot

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT