Researchers at Forcepoint have found a new variant of banking Trojan Trickbot targeting Cryptocurrencies.
Researchers at Forcepoint have found a new variant of banking Trojan Trickbot targeting Cryptocurrencies. The attackers initiated the attack with an email from Canadian Imperial Bank of Commerce (CIBC). The email contains a word document with a personal or confident messages to the users. 
According to the post published by Forcepoint currently, Trickbot has been targeting PayPal and expanding its list of target to other nordic countries. Now it has been detected over 8600 emails with the US, UK, and France as their top targets.WORKING OF TRICKBOT MALWARE The email contains a word document which can be downloaded only when the user in online. It will have a macro downloader attached to it. The macro downloader helps to download the Trickbot malware by connecting it to the Command and Control server (C&C). After installation, the malware downloads a set of modules which are used for attacking. In the downloaded version of Trickbot discovered by Forcepoint researchers contains the decrypted configuration file “kas2”. The files contain the list of targets which are identical to the previous one with one exception coin base is an additional target here. 
Coinbase is a cryptocurrency exchange site which is used to exchange Bitcoins, Ethereum, and Litecoin.