What is the issue?
Secureworks Counter Threat Unit (CTU) researchers uncovered a new version of the Trickbot trojan that steals PIN codes from Verizon Wireless, T-Mobile, and Sprint users.
More details about the new variant
CTU researchers monitored the TrickBot operations operated by the GOLD BLACKBURN threat group and uncovered that new dynamic webinjects were added to TrickBot to target mobile carriers in the US.
New dynamic webinjects were added to target Verizon Wireless users on August 5, 2019, T-Mobile users on August 12, 2019, and Sprint users on August 19, 2019.
SIM swap fraud
Researchers noted that stealing mobile users’ PIN codes suggests an interest in conducting a SIM swap fraud which would allow them to take full control over the victims’ phone number including all inbound and outbound text and voice communications.
“Enabling a PIN on mobile accounts remains a prudent anti-fraud measure that requires an attacker to possess an additional piece of information about their intended victim,” said the researchers.