Date:20/11/18
TrickBot Banking Trojan Starts Stealing Windows Problem History
A version of TrickBot spotted recently shows interest in data that is peculiar for the normal scope of banking trojans: the Windows system reliability and performance information.
Microsoft runs a Reliability Analysis Component (RAC) on Windows operating systems to supply the Reliability Monitor with details about software installations, upgrades, errors from the operating systems and applications, as well as hardware-related issues.
For this purpose, it uses the RACAgent scheduled task on an hourly basis and dumps all the data to a local folder. You can disable the collection of these details from the Task Scheduler applet, but by doing so you no longer get the Reliability Monitor's System Stability Index.
An analysis of a phishing campaign from My Online Security reveals that a TrickBot variant spotted this week focused on reading and grabbing the OS reliability database and information available under C:\ProgramData\Microsoft\RAC.
It is unclear what good this type of data would do for the crooks, but it may serve malicious purposes, such as better targeting with phishing emails.
This campaign sends TrickBot with messages purporting to be from Lloyds Bank using the address 'donotreply@lloydsbankdocs.com', which is easy to mistake for a genuine email from the bank.
The fraudsters made an effort to craft believable messages that entice the potential victim to open an attached document containing a malicious macro. If enabled, the macro code downloads and executes TrickBot.
The Office Word document attached to the email includes the Lloyds Bank letterhead to make it look genuine. Furthermore, the crooks added the Symantec logo to make it seem as if the file passed verification from a security solution.
Despite all the efforts to hide its malicious nature, the file is currently detected by at least 30 antivirus engines on VirusTotal.
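For defenders, the RAC folder reads described above can be watched for once object-access auditing is enabled on C:\ProgramData\Microsoft\RAC, which produces Security event 4663 records. The following is an added example, not code from the original article or from My Online Security. The allowlist of expected processes, the dictionary shape of the events and the sample events themselves are assumptions constructed for illustration.

```python
import ntpath

RAC_DIR = r"c:\programdata\microsoft\rac"
# Assumption: processes expected to read RAC data on this host; tune locally.
ALLOWED_IMAGES = {r"c:\windows\system32\taskhostw.exe",
                  r"c:\windows\system32\perfmon.exe"}
READ_DATA = 0x1  # ReadData / ListDirectory bit of the 4663 AccessMask

def normalize(path):
    """Unify separators, drop the extended-length prefix, collapse '..', lower-case."""
    p = path.strip().replace("/", "\\")
    if p.startswith("\\\\?\\"):
        p = p[4:]
    return ntpath.normpath(p).lower()

def is_under_rac(path):
    """True only for the RAC folder itself or anything beneath it."""
    p = normalize(path)
    return p == RAC_DIR or p.startswith(RAC_DIR + "\\")

def suspicious_rac_reads(events):
    """Return 4663 events where a non-allowlisted process read RAC data."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue
        if not int(ev.get("AccessMask", "0x0"), 16) & READ_DATA:
            continue
        if not is_under_rac(ev.get("ObjectName", "")):
            continue
        if normalize(ev.get("ProcessName", "")) in ALLOWED_IMAGES:
            continue
        hits.append(ev)
    return hits

# Constructed sample events (field names follow Security event 4663).
SAMPLE = [
    {"EventID": 4663, "AccessMask": "0x1", "ProcessName": r"C:\Windows\System32\taskhostw.exe",
     "ObjectName": r"C:\ProgramData\Microsoft\RAC\sample.sdf"},
    {"EventID": 4663, "AccessMask": "0x1", "ProcessName": r"C:\Users\user1\AppData\Roaming\sample.exe",
     "ObjectName": r"c:/programdata/Microsoft/RAC/sub/sample.sdf"},
    {"EventID": 4663, "AccessMask": "0x1", "ProcessName": r"C:\Users\user1\AppData\Roaming\sample.exe",
     "ObjectName": r"C:\ProgramData\Microsoft\RACK\notes.txt"},
]

if __name__ == "__main__":
    for hit in suspicious_rac_reads(SAMPLE):
        print(hit["ProcessName"], "read", hit["ObjectName"])
```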
©ictnews.az. All rights reserved.