New Trickbot variant targets mobile users' PIN codes
August 29, 2019
- Researchers uncovered a new version of the Trickbot trojan that steals PIN codes from Verizon Wireless, T-Mobile, and Sprint users.
- New dynamic webinjects were added to target Verizon Wireless users on August 5, 2019, T-Mobile users on August 12, 2019, and Sprint users on August 19, 2019.
What is the issue?
Secureworks Counter Threat Unit (CTU) researchers uncovered a new version of the Trickbot trojan that steals PIN codes from Verizon Wireless, T-Mobile, and Sprint users.
More details about the new variant
CTU researchers monitoring the TrickBot operations run by the GOLD BLACKBURN threat group found that new dynamic webinjects were added to TrickBot to target mobile carriers in the US.
New dynamic webinjects were added to target Verizon Wireless users on August 5, 2019, T-Mobile users on August 12, 2019, and Sprint users on August 19, 2019.
- When users visit the websites of Verizon, T-Mobile, or Sprint, the legitimate server response is intercepted by TrickBot and proxied through a command and control (C2) server.
- The C2 server injects additional HTML and JavaScript into the page, which is then rendered in the victim's web browser.
- The injected code activates TrickBot’s record (rcrd) functionality that creates an additional form field.
- The additional form field requests users’ usernames, passwords, and PIN codes.
- The collected information is sent to TrickBot’s C2 server.
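From the defender's side, the extra form field and script that such an injection leaves in the page can be found by comparing a known-clean copy of the login page with the page a user's browser actually rendered. The sketch below is an added example, not code from the article or from the researchers; the class and function names are hypothetical and the sample HTML is constructed.

```python
from html.parser import HTMLParser

class PageInventory(HTMLParser):
    """Collect the form fields and scripts present in one HTML document."""
    def __init__(self):
        super().__init__()
        self.fields = set()       # (form id, field name, field type)
        self.scripts = set()      # external script URLs
        self.inline_scripts = 0   # <script> tags without a src attribute
        self._form = "(no form)"

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = a.get("id") or a.get("action") or "(anonymous)"
        elif tag in ("input", "select", "textarea"):
            name = a.get("name") or a.get("id") or "(unnamed)"
            self.fields.add((self._form, name, (a.get("type") or tag).lower()))
        elif tag == "script" and a.get("src"):
            self.scripts.add(a["src"])
        elif tag == "script":
            self.inline_scripts += 1

    def handle_endtag(self, tag):
        self._form = "(no form)" if tag == "form" else self._form

def inventory(html):
    parser = PageInventory()
    parser.feed(html)
    parser.close()
    return parser

def diff_pages(baseline_html, observed_html):
    """Report fields and scripts in the observed page that the baseline lacks."""
    base, seen = inventory(baseline_html), inventory(observed_html)
    report = {
        "added_fields": sorted(seen.fields - base.fields),
        "added_scripts": sorted(seen.scripts - base.scripts),
        "added_inline_scripts": max(0, seen.inline_scripts - base.inline_scripts),
    }
    report["suspicious"] = any(report.values())
    return report

# Constructed sample: a clean login page, and the same page with one extra field.
BASELINE = ('<form id="login" action="/signin"><input type="text" name="username">'
            '<input type="password" name="password"></form>'
            '<script src="/static/app.js"></script>')
OBSERVED = BASELINE.replace("</form>", '<input type="password" name="pin"></form>'
                            "<script>/* placeholder for injected script */</script>")
```

The baseline should be a DOM snapshot taken from a clean browser rather than the raw server response, because a site's own scripts also add elements after load.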
SIM swap fraud
Researchers noted that stealing mobile users’ PIN codes suggests an interest in conducting SIM swap fraud, which would allow the attackers to take full control of the victims’ phone numbers, including all inbound and outbound text and voice communications.
- Researchers recommend that organizations use time-based one-time password (TOTP) multi-factor authentication (MFA) instead of SMS MFA.
- They suggest not using telephone numbers as a password reset option on important accounts.
“Enabling a PIN on mobile accounts remains a prudent anti-fraud measure that requires an attacker to possess an additional piece of information about their intended victim,” said the researchers.