Quote: The TrickBot malware, known previously for targeting U.S. banks, is now setting a bullseye on users of U.S.-based mobile carriers, including Verizon Wireless, T-Mobile and Sprint, to launch SIM swapping attacks.
Researchers with Dell’s Secureworks research team warned that they have observed the malware leveraging a new module that manipulates web sessions for already-infected systems, in order to inject code into websites specifically for U.S. mobile carriers. This code, injected on mobile carrier websites, adds an option on the legitimate websites requesting users’ account PIN number – giving the malware’s operators the ability to steal visitors’ PIN codes and other credentials.
“When a victim navigates to one of these sites from a system infected with TrickBot, the legitimate content will be intercepted and modified,” Keith Jarvis, senior security researcher at Secureworks Counter Threat Unit, told Threatpost. He said modified code is injected into the victim’s browser instead of the legitimate site’s content: “The modifications are typically minor and in this case simply ask for the account PIN during login when normally this is not required by the legitimate site’s login procedure.”
Read more here: https://threatpost.com/trickbot-targets-...ns/147792/