Red Security

Full Version: TrickerBot Malware Attacks Are Ramping Up Ahead of Tax Day

The tax year is winding down, and with it comes a host of problems for potential filers. A malware called TrickerBot has been used by a group of malicious actors to steal banking credentials from users; the infection has been spread through email phishing.

Inside the email is a malicious Excel document. Once the system is infected, the malware searches for vulnerable devices on the network and combs for passwords and any banking info it can find. Once all the necessary information has been gathered, the people behind the operation can use it to file false end-of-the-year tax returns and will get the return that is meant for the victim.


It is reported that TrickerBot was first discovered in 2016, and since then it has only evolved to steal more login and banking details. The attackers have been disguising the emails to look like they come from three key accounting and payroll providers, including ADP and PayChex. They have cemented this falsification by also registering similar-looking domains, a practice known as domain squatting.
 

TrickerBot has continued unhindered by law enforcement, and has only grown stronger because of it. It is reported that the back-end infrastructure has at least 2,400 C&C (Command and Control) servers with various configurations and versions. TrickerBot is also reported to be the largest in the cyber-crime arena, with its main operations focused on the US and the UK.

      

Original article can be found here.




That was the news, folks. Have a good week, and stay safe out there.


      ----Mad-Architect
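
A defender-side check for the look-alike sender domains described in the post, added here as an example (it is not from the original article or post): it flags From addresses whose domain resembles a protected brand domain. The allow-list of legitimate domains, the substitution table, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
import re

# Assumption: the legitimate mail domains to protect; replace with your own allow-list.
PROTECTED = ("adp.com", "paychex.com")
# Constructed, non-exhaustive table of digit-for-letter swaps seen in look-alike names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address):
    """Return (verdict, brand_domain) for an email From address."""
    domain = address.rsplit("@", 1)[-1].lower().strip("> ").rstrip(".")
    for p in PROTECTED:
        if domain == p or domain.endswith("." + p):
            return ("legitimate", p)
    labels = domain.split(".")
    # Naive registrable label; a production check should use the Public Suffix List.
    label = labels[-2] if len(labels) >= 2 else labels[0]
    skeleton = label.translate(HOMOGLYPHS).replace("-", "")
    tokens = set(re.split(r"[-_.]", domain))
    for brand in PROTECTED:
        name = brand.split(".")[0]
        # Short names (e.g. "adp") only match exactly, to limit false positives.
        limit = 0 if len(name) <= 4 else 1
        # Brand used as a token (adp-payroll.com) or a near-identical spelling.
        if name in tokens or edit_distance(skeleton, name) <= limit:
            return ("lookalike", brand)
    return ("unrelated", None)

# Constructed sample senders, not taken from any real campaign.
SAMPLES = ["payroll@adp.com", "billing@paych3x.com",
           "alerts@adp-payroll-secure.com", "news@example.org"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, classify_sender(s))
```

A "lookalike" verdict is a triage signal for mail filtering or review, not proof of malice; ordinary words close to a brand name will also match.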