A new version of the famous banking Trojan TrickBot has expanded the circle of potential victims, including users of the popular cryptocurrency account Coinbase. This is reported by BleepingComputer.
The find was made by security researchers from Forcepoint. According to their data, TrickBot can impose a fake logon page when a user visits Coinbase through his browser. Having received user data to log into the account, scammers transfer cryptocurrency from the purses of victims to their own.
Troyan was first discovered in 2016, and then its purpose was the data of online banking. To date, it can infect users’ devices and impose fake login pages on banking portals in more than ten countries.
In June 2017, the Trojan aimed at PayPal accounts and login pages of several well-known CRM-systems. A new version of TrickBot with “crypto currency support” was discovered in late August and was contained in documents attached to the spam mailing allegedly on behalf of the Canadian Imperial Bank of Commerce.
The interest of online scammers is quite obvious: Coinbase is the most popular cryptocurrency in the world and supports bitcoin, Ethereum and Litecoin.