Microsoft Windows 10 has been a hot topic around ConsumerAffairs lately. The operating system faced rebukes from tech pundits when it was first released, and it has since had issues with updates and problems with its Bluetooth connectivity.
If you’re someone who counts on Windows 10’s “Defender” antivirus software to protect you from malware threats, consider yourself forewarned about yet another issue.
Meet Trickbot
Trickbot -- an old hacking favorite -- has come out of the shadows and is on a serious spree, reportedly tagging 250 million email accounts to spread its curse.
Trickbot's angle is to worm its way past Windows Defender by posing as a credible source and then snatch online banking credentials. It's also been known to steal from cryptocurrency (e.g., Bitcoin) wallets, browsers, and other systems holding credentials.
Once it’s past Defender’s gatekeepers, Trickbot turns right around and disables Defender, weakening a user’s computer even further.
Is there a fix?
When ConsumerAffairs searched Microsoft’s support site for information regarding Trickbot, we didn’t find anything in particular, but the company did offer basic tips that users can use to possibly protect their computers. Note that we said “possibly.”
What we did find in our research is that jumping in the ring with Trickbot is not for the casual computer user. BleepingComputer reports that the new version of the malware has added 12 new processes to the set it disables. Adam Kujawa, the Director of Malwarebytes Labs at internet security company Malwarebytes, told ConsumerAffairs that those new tricks make it incredibly powerful when it comes to lateral movement through networks.
“We’ve mainly seen Trickbot being pushed toward organizational networks, like businesses, and usually as a secondary payload after another infection (like Emotet, another banking trojan),” Kujawa said.
“However, Trickbot has had a lot of success in the past distributing itself. Newer versions of Trickbot also have the ability to spread via infected emails from infected systems, making it even more likely to spread when users encounter the email without protection or awareness of what it is.”
Businesses are particularly vulnerable
From Kujawa’s vantage point, Trickbot is inclined to wreak more havoc with businesses than consumers.
“While it’s totally possible that a consumer could encounter Trickbot, they aren’t the intended target, and the kind of damage that could be done to an enterprise network is far greater than that done to a single consumer endpoint,” he said.
Nonetheless, Kujawa says Trickbot’s popularity is putting it in the crosshairs of most antivirus developers, who are trying to work their magic to figure out how to prevent and stop it.
“So while this version of Trickbot might go after Windows Defender, there are other security tools out there to protect users,” Kujawa offered.
“By utilizing some of the more popular vendors out there that employ real-time protection (to stop the threat before it does damage), a user can stay safe from a Trickbot infection. However, if the user is infected before cleaning the system, the following is a list of what the user should do after they have removed Trickbot from their system:
You might want to have a credit freeze or monitor put in; for all the breaches and attacks of the last few years, you should probably do this anyway.
Change your passwords on any accounts you might have accessed while you were infected. If you don’t know, then change them all!
If you think you might have provided your financial information (CC info, bank account #, etc.) to a website or logged into your bank, you should probably have new cards issued and inform your bank that you were infected and that you don’t know if they will try to use your bank info for fraud.
Reach out to anyone who might be on a contact list or e-mail list that you have locally saved or accessed while infected with Trickbot, then send an e-mail out to those folks letting them know that if they have seen any odd e-mail from you, it was from this malware and to ignore it.”
Not as serious as it sounds?
While the number of affected users is very high, Kujawa points out that consumers who are properly prepared should have no issue combating Trickbot.
“Overall, this isn’t a difficult threat to defend against if you are ready for it,” Kujawa told ConsumerAffairs. “The most damage that has been caused by Trickbot, recently, usually has to do with an organizational network, a higher return on investment and for those organizations who were unprepared for an attack like that.”
But if the mere thought of being hacked sends you running for the hills, Kujawa says the extra-cautious computer user could up the ante by adding anti-exploit technology, which could spot a malicious script and stop it in its tracks before it downloads and installs the Trickbot payload.