It uses a password-stealing Trojan called TrickBot. The novelty of this malware, and also the dangerous part, is that it uses real-life information to deliver the payload.

What is this TrickBot malware and what does it do?

More specifically, as discovered by MalwareHunterTeam, a fake Office 365 page that is incredibly similar to a real one, providing even the links that lead to Microsoft, is prompting users to update their browser. The main browsers affected by this are Google Chrome and Mozilla Firefox, and after accessing the page, a message saying that your browser is out of date and you need to update it appears. For the Chrome users, the message is called Chrome Update Center, and for the Firefox users, the message is entitled Firefox Update Center. If you click on the Update button, the TrickBot information-stealing Trojan will automatically install on the PC and it will hide behind a svchost.exe process that will not raise any doubts in Task Manager. After that, it will send sensitive information to a server. First, it’ll send info about the PC, programs, or services. Then, browsing data, login credentials, autofill information, and more importantly, passwords.

How can I protect my data from the TrickBot password-stealing Trojan?

If you’ve already encountered this malware campaign and clicked on the update button, we recommend that you immediately perform a full system scan to try to get rid of the Trojan. Perform a full system scan directly from Windows Defender. Find out how it’s done right here! To stay protected at all times, make sure that you use an anti-malware tool, or even better, an antivirus solution to keep you PC and your personal data safe. If you’re looking for the best antivirus software to protect your data, check out this list with our best picks. Don’t hesitate to take a look on that list and choose an antivirus that best fits your needs. And don’t forget to always keep your Windows updated, as this may save you from a lot of headaches.

Name * Email * Commenting as . Not you? Save information for future comments
Comment

Δ