by Liam Kelly
Computer security software firm identifies a Trickbot variant that now targets individual’s cryptocurrency wallets.
Forcepoint Identifies Trickbot Variant
A new variant of banking trojan was discovered and reported on by cybersecurity firm Forcepoint on August 29 of this year. Although Trickbot has been primarily developed to target bank accounts, a new variant has now been shown to target cryptocurrency wallets. The cybersecurity firm has also pointed out that they have captured, “8600 related emails…with the UK, Canada, and France as the top three targets.”
Following the analysis of said 8600 emails, Forcepoint noted an addition to their list of targets: Coinbase.com. The currency exchange site that operates exchanges between Bitcoin, Litecoin, and Ethereum to name a few, is now a principal objective for the malware.
Earlier in June, Trickbot moved from traditional banks to targeting PayPal accounts and business CRMs (Customer Relationship Management). Now with Bitcoin’s price holding close to $4500, it comes as no surprise that cryptocurrency wallets are becoming a more valuable target.
Trickbot identifies itself in user’s inbox as a secure message from the Canadian Imperial Bank of Commerce (CIBC). An attached document is included in the mail, in which is also contained a macro downloader that downloads and enables the Trickbot malware.
As mentioned above, the malware targets traditional banking information, but also Paypal accounts and most recently cryptocurrency wallets.
Growth of Cryptocurrency Malware
It is becoming more and more common for cryptocurrency wallets to become targets of malware tampering. On June 16, 2011, Mikko Hypponen tweeted out, “We’ve just seen the first trojan that searches for Bitcoin WALLET.DAT files and mails them away. Ouch.” A link to a notice by Symantec also outlined exactly what the June 16 threat entailed.
In 2017, not only does the threat not seem to be neutralized, it appears to be adapting to the rising popularity and value of cryptocurrencies.