Hackers Use Black Lives Matter to Spread TrickBot
Hackers are using Black Lives Matter to distribute the TrickBot malware. According to Swiss security firm Abuse.ch, the attackers pose as government officials to lure socially minded victims into clicking a malicious attachment in an email. The messages use the grammatically incorrect subject lines "Vote anonymous about Black Lives Matter" or "Leave a review confidentially about Black Lives Matter" and claim to contain a survey document. In a sample campaign document, the attachment displays a button urging recipients to "Enable Editing". If clicked, the button activates malicious macros that download TrickBot in the form of a malicious library (a .DLL file).
TrickBot is a rapidly evolving malware strain that has been around since 2016, starting out as a banking trojan. Over time, it extended its functions to include collecting credentials from a victim's email clients, browsers and installed network applications. The malware has also evolved to add more modules and to act as a conduit for other malware. Earlier this month, a new, stealthy backdoor that researchers call BazarBackdoor was added to TrickBot's arsenal. In January, researchers found hackers using PowerTrick, a backdoor that helped the malware target financial institutions and fetch still other backdoors.
Hackers looking for a quick payday often use popular movements or sporting events to capitalize on people's interest in a given subject. This happens with the Super Bowl and the World Cup. More recently, hackers have used COVID-19- and coronavirus-themed lures to pique recipients' interest. The BLM-themed campaign is not the only one making the rounds. Researchers have also started to detect newly registered domain names such as blacklivematterfund[.]com and thegeorgefloydfundation[.]net.
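As an added illustration (not part of the original report), the following mail-triage function flags the indicators the article describes: the two reported subject lines, a macro-capable Office attachment behind the "Enable Editing" lure, and the lookalike domains listed above. The sample message is constructed for the demonstration and is not a captured campaign email.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines reported for this campaign (lower-cased for comparison)
CAMPAIGN_SUBJECTS = (
    "vote anonymous about black lives matter",
    "leave a review confidentially about black lives matter",
)
# Office formats that can carry VBA macros; the lure depends on "Enable Editing"
MACRO_CAPABLE_EXT = (".doc", ".docm", ".dot", ".dotm", ".xls", ".xlsm")
# Lookalike domains reported alongside the campaign, "refanged" for matching
LURE_DOMAINS = tuple(d.replace("[.]", ".") for d in
                     ("blacklivematterfund[.]com", "thegeorgefloydfundation[.]net"))


def triage(raw: bytes) -> list:
    """Return the campaign indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject in CAMPAIGN_SUBJECTS:
        hits.append("campaign-subject")
    # iter_attachments yields nothing for single-part messages
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_CAPABLE_EXT):
            hits.append(f"macro-capable-attachment:{name}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body else ""
    if any(d in text for d in LURE_DOMAINS):
        hits.append("lure-domain-in-body")
    return hits


def build_sample() -> bytes:
    """Constructed sample mimicking the reported lure (not a real capture)."""
    m = EmailMessage()
    m["From"] = "Survey Office <survey@example.invalid>"
    m["To"] = "employee@example.invalid"
    m["Subject"] = "Vote anonymous about Black Lives Matter"
    m.set_content("Please complete the attached survey. See blacklivematterfund.com")
    # Constructed placeholder bytes, not a real document
    m.add_attachment(b"constructed-doc-bytes", maintype="application",
                     subtype="msword", filename="survey.doc")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

A message matching more than one indicator is a strong candidate for quarantine; a single hit (for example, only a .doc attachment) should be treated as a lower-confidence signal.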
Businesses and users need to be wary of this kind of campaign. The latest TrickBot campaign highlights the need for organizations to guard against phishing attacks. One way they can protect themselves is by staying aware of the most common types of phishing campaigns in circulation today.