Administrators of the TrickBot trojan - one of the most active and widespread malware today - are now able to carry out SIM replacement attacks (SIM swapping attacks).
This has been noticed in the last month, as the developers of TrickBot seem to have developed a new version that can block login credentials and PINs for accounts from various mobile providers.
The data collected by TrickBot can allow malicious application administrators to carry out so-called SIM replacement attacks by transferring a victim's phone number to a SIM card under their control.
This naturally allows TrickBot administrators to bypass them controlς ID cards two factors that use SMS and reset passwords to bank accounts, email accounts or cryptocurrency exchange portals.
For the past two years, SIM replacement attacks have been one of the favorite techniques of hackers targeting financial services.
It is worth mentioning that TrickBot was developed as a targeted trojan simple banking operations in 2016. Today it has evolved into an Access-as-a-Service. What does this mean; The crooks behind TrickBot also allow other malicious developers to deploy malware on already infected computers.
This allowed TrickBot authors to develop close ties with many other cybercrime "colleagues" and Secureworks (the security company that revealed the latest action of the trojan) fears that they could use these relationships to share or sell the data they have managed to collect in the last month.
_________________________
- Champion worldwide in Cybersecurity Leadership Matrix 2019 or ESET
- Windows 10 also collects non-diagnostic data
- Edge from Chromium, will Microsoft's new strategy succeed?
- Internet Archive is at risk of being blocked by ISPs
- You've drank microplastics but don't worry, at least not yet