TrickBot Comes to Cellular Carriers

A new malicious campaign seeks cell account PINs from victims.

Dark Reading Staff, Dark Reading

August 29, 2019

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Researchers have discovered that TrickBot, a credential-theft botnet operated by the Gold Blackburn threat group, has been modified to target mobile device users on Sprint, T-Mobile, and Verizon cellular networks.

The research, conducted by the Counter Threat Unit Research Team at SecureWorks, found that TrickBot is using its traditional techniques — a man-in-the-middle attack that captures a web session, routes it to a command-and-control server where code is injected to request user credentials, then sends the page to the victim — in requests to the websites run by the three cellular networks.

According to the report, the PIN requested by the malicious form indicates that the criminals are interested in perpetrating SIM-swap fraud.

For more, read here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "The Right to Be Patched: How Sentient Robots Will Change InfoSec Management."

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights