Hackers are adding lessons they’ve learned from the worldwide spread of the WannaCry ransomware and Petya cyberattack to their playbook. According to an article in ZDNet, the hackers behind the Trickbot financial malware are testing a new version of Trickbot that uses a rough imitation of the EternalBlue exploit to spread itself through an infected network, as WannaCry and Petya did.
Trickbot targets banks and has been spreading by email with a link that poses as an international financial institution. The email leads the recipient to a fake login that is meant to collect credentials. This malware can use inter-process communication to propagate and execute a PowerShell script disguised as ‘setup.exe’ to download an additional version of Trickbot.
Researchers at Flashpoint have been monitoring the spread of this malware and say it’s replicating the same type of exploit that spread WannaCry and Petya around the world. The scary thing is that Trickbot’s creators are actively improving their malware, so it has the potential to become even more dangerous in the future. And if one hacker is learning from Petya and WannaCry, it’s a safe bet there are dozens more out there doing the exact same thing.
Read the entire article on ZDNet and revisit the WannaCry attack by reading “How to Defend Against the WCry Global Ransomware Attack” from WatchGuard’s CTO, Corey Nachreiner, here on Secplicity.