Beware email messages notifying you of traffic violations. They may be trying to infect your PC with the notorious Trickbot malware, warns the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
"A sophisticated group of cybercrime actors is luring victims, via phishing emails, with a traffic infringement phishing scheme to download TrickBot," says the joint-agency advisory (opens in new tab) released earlier this week.
- Stimulus check and Covid vaccine scams running rampant — what to look for
- The best internet security suites for total protection
- Plus: Zoom security flaw lets other people see way too much
The advisory describes Trickbot as "highly modular, multi-stage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities."
The malicious emails are part of a "spear phishing" campaign targeted selected people. You can expect the email messages to be tailored to the individuals receiving them, perhaps by addressing the recipients by name or even mentioning valid street addresses, makes of vehicle or license plates.
As many malware campaigns today target corporations or other large enterprises, the targeted individuals may be corporate executives whose emails would contain valuable information, or IT staffers who have wide access to a company network. Those individuals' personal email accounts may be targeted along with their workplace accounts.
To guard against Trickbot malware, make sure your Windows PC is running one of the best antivirus programs. Set up two-factor authentication on every online account that permits it. And don't save sensitive passwords in your browser; use one of the best password managers instead, which will be harder to break into.
Trickbot began life as a banking Trojan in 2016, but has evolved to become one of the most versatile strains of malware around. It can steal encryption keys, cookies, PIN codes and passwords; spread itself though a local network; mine cryptocurrency; and install other forms of malware, including the Ryuk and Conti ransomwares and the Emotet botnet malware.