Computer criminals are using phishing pages and other types of web content related to the Black Lives Matter protest movement to deliver the TrickBot Trojan. This malware has been employed over the years as a main weapon by different hacking groups.
Black Lives Matter Movement Now Used In Phishing Scams Delivering TrickBot
Computer criminals are now using a new phishing campaign devised to trick users into infecting themselves with the infamous TrickBot Trojan. It is based on the recent Black Lives Matter movement, which is growing in popularity across the world and particularly in the USA. Various groups, organizations and individual web users are creating numerous pages and resources with the message, which has resulted in a surge of visitors to such content. An unknown hacking group is abusing this type of content to send out samples of a new derivative version of this malware. The campaign is seen as worldwide, as many different types of scams using this message have been detected. At the moment one of the main forms is email messages sent in bulk, very similar to how spam is prepared for sending out.
Many of these email messages are sent with the subject line: Vote anonymously about “Black Lives Matter”. The content can take many forms including the following:
- Political messages about racism
- Slogans against racism
- Calls to action
- Fraudulent news articles
The messages will either link to or carry a malware payload carrier which will lead to the Trojan infection. The majority of versions are infected documents in popular formats: presentations, databases, text files and spreadsheets. When they are opened, a prompt will appear asking the users to enable the scripts (macros). When these macros are enabled, they run a command that downloads a malware DLL which contains the Trojan.
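A defender-side triage sketch for the emails described above, added here as an example and not taken from the original article or any vendor tooling: it flags the quoted subject line and any attachment that carries a VBA project, judged by content rather than file extension. The function names, sample addresses and the constructed test message are assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lure quoted in the article; the quote character may be straight or curly.
LURE = re.compile(r"vote\s+anonymously\s+about\s+.?black\s+lives\s+matter", re.I)
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container

def has_macros(data: bytes) -> bool:
    """True if an OOXML file embeds a VBA project (vbaProject.bin)."""
    if data.startswith(OLE_MAGIC):
        return True  # legacy OLE is not parsed here, so treat it as macro-capable
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False  # not an Office container at all

def triage(raw: bytes) -> dict:
    """Report whether a raw RFC 5322 message matches the lure and carries macros."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    flagged = [
        part.get_filename() or "(unnamed)"
        for part in msg.iter_attachments()
        if has_macros(part.get_payload(decode=True) or b"")
    ]
    return {"lure_subject": bool(LURE.search(subject)), "macro_attachments": flagged}

def ooxml_stub(with_macro: bool) -> bytes:
    """Constructed stand-in for an Office file: only the ZIP layout is real."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def sample_message(subject: str, with_macro: bool) -> bytes:
    """Constructed test email; addresses and attachment name are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", subject
    m.set_content("Constructed test body.")
    m.add_attachment(ooxml_stub(with_macro), maintype="application",
                     subtype="octet-stream", filename="form.doc")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message("Vote anonymously about \u201cBlack Lives Matter\u201d", True)))
```

A subject match alone is weak evidence, since legitimate mail can use the same words; the combination with a macro-bearing attachment is what merits quarantine and review.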
TrickBot Trojan Operations: How Does This New Black Lives Matter Sample Work?
As this malware is among the most popular, each hacking group can create modifications of its own. In this version some additional modules have been implemented which were not used in some of the previous samples. The main engine of this TrickBot version is fully capable of downloading other modules to the host system from a remote server.
This threat is able to hijack data from the affected machines, both system data and user data. This can include application data such as passwords stored in web browsers, as well as sensitive data from productivity tools and office suites. Another commonly used Trojan capability is delivering additional malware. This can include file-encrypting ransomware, as well as web redirects and hijackers, which are usually packaged as dangerous browser extensions that redirect to hacker-controlled websites.
The TrickBot Trojan is also configured to infect other computers that are connected to the same network. This is often done through available network shares and other resources which by default allow access to other computers.
This TrickBot phishing campaign that uses the Black Lives Matter message is seen as a follow-up to the ongoing and still popular strategy of using scams, fraud messages and other content based on COVID-19 warnings and notices.