Hackers Capitalize on Tax Season with Spread of Banking Trojan

Banking Trojan TrickBot Spreads Like Wildfire

For years, cyber criminals have ramped up spam campaigns around tax time in an attempt to make a quick buck. This year is no different. Cyber criminals have begun distributing the banking Trojan TrickBot through malicious emails that impersonate tax and payroll services.

Researchers confirmed the malware has been used in three different email campaigns since late January. The emails pretend to be from large accounting, tax and payroll services firms, like ADP and Paychex. In reality, the messages carry malicious Microsoft Excel attachments disguised as tax or billing invoices, which download and execute the TrickBot Trojan when opened.
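The lure pattern described above (a sender claiming to be ADP or Paychex, plus an Excel attachment named like a tax or billing invoice) can be checked at the mail gateway. The following is an added example, not code from the researchers or from PC Matic; the brand-to-domain allowlist, the keyword list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains this organisation accepts as genuine for each brand.
BRAND_DOMAINS = {"adp": {"adp.com"}, "paychex": {"paychex.com"}}
EXCEL_EXTS = (".xls", ".xlsx", ".xlsm", ".xlsb")
LURE_WORDS = ("tax", "invoice", "billing", "payroll")


def domain_allowed(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def triage(raw):
    """Return the reasons a raw RFC 5322 message matches the lure pattern."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # Brand names are matched as whole tokens in display name and domain.
    tokens = set(re.findall(r"[a-z0-9]+", f"{display} {domain}".lower()))
    reasons = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in tokens and not domain_allowed(domain, allowed):
            reasons.append(f"claims {brand} but sent from {domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXCEL_EXTS):
            themed = any(word in name for word in LURE_WORDS)
            reasons.append(f"excel attachment {name}, themed={themed}")
    return reasons


def build_sample(sender, filename=None):
    """Constructed test message; the attachment body is placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@corp.example", "Your invoice"
    msg.set_content("Please see the attached document.")
    if filename:
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="vnd.ms-excel", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    print(triage(build_sample('"ADP Payroll" <billing@adp-invoices.example>', "Tax_Invoice.xls")))
    print(triage(build_sample("Paychex <noreply@paychex.com>")))
```

A message that returns both kinds of reason is a candidate for quarantine; either one alone is a weaker signal and is better routed to review.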

Once the Trojan is installed on one endpoint, TrickBot does two things.  First, it steals as much data as possible on the device.  The data stolen can range from basic email content to banking credentials – the possibilities are limitless, as the hackers have full control of the device.  Then, the malware attempts to spread throughout the network to maximize destruction.  If it is able to spread to additional devices, it will again steal as much data as possible on each device it touches. 

Unfortunately, TrickBot is not noticeable to the average user, as the actions it takes are executed in the background. However, IT professionals will likely notice the changes in traffic or attempts to connect to unauthorized domains when the malware tries to connect to its command-and-control servers.

Researchers have confirmed the mail styles, behavior of the malicious attachments, and the subsequent malware URLs were the same for all three email campaigns used to distribute TrickBot.  Due to these three similarities, it is believed the same cyber criminals were behind all three campaigns. 

The exact target of these emails is unknown; however, since the hackers are impersonating large firms, like ADP and Paychex, the attacks are likely to have some success.

5 thoughts on “Hackers Capitalize on Tax Season with Spread of Banking Trojan”

    • Hi Russ! If you have an Android device you can install PC Matic on it by visiting the Google Play store and searching for PC Matic. Just install and log in with your PC Matic account!

    • This banking trojan uses an executable file to install the malicious software. PC Matic would block this file from running. So, to answer your question — yes, PC Matic does find this, but it does not destroy it. It does, however, prevent it from running on the device.
