March 22—According to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), one of the most powerful tools available to cyber criminals is being weaponized to spread sophisticated malware.

Trickbot is not just a banking trojan. It offers cyber criminals a lucrative means of engaging in a variety of attack types. Right now, cyber criminals with machines infected by Trickbot are leasing the hardware to other criminals.

Trickbot infected machines can deliver malware via phishing threats. Wondering what the latest phishing threats look like?

Phishing, traffic violations and malware

Cyber criminals have tested out new phishing methods via Trickbot. The latest one involves the impersonation of authorities. When an individual receives one of these phishing emails, he or she sees a subject line that suggests proof of a recent traffic violation.

Within the email, hackers include a link that a victim can click on. These links take people to a website. On the website, individuals are instructed to click on a photo. In holding down the computer mouse, the victims unintentionally download a JavaScript file. When opened, this file executes malware.

Late last year, an organized group of international agencies aimed to disrupt Trickbot-related operations. The sting initially appeared successful. However, Trickbot returned shortly thereafter.

What to do right now

The Trickbot malware threats enable cyber criminals to steal valuable data, and to potentially move laterally across networks. Other attack sequences are also possible.

Trickbot represents a clear and present danger for organizations of every variety. The FBI and CISA recommend trying to prevent associated malware infections. Administrators should review the following Trickbot Malware information and CISA’s Trickbot mitigation fact sheet.

For more information about this joint FBI and CISA alert, click here.