FBI issues warning over Trickbot Trojan — what you need to know

Beware email messages notifying you of traffic violations. They may be trying to infect your PC with the notorious Trickbot malware, warn the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

"A sophisticated group of cybercrime actors is luring victims, via phishing emails, with a traffic infringement phishing scheme to download TrickBot," says the joint-agency advisory released earlier this week. 

The advisory describes Trickbot as "highly modular, multi-stage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities."

The malicious emails are part of a "spear phishing" campaign targeting selected people. You can expect the email messages to be tailored to the individuals receiving them, perhaps by addressing the recipients by name or even mentioning valid street addresses, makes of vehicle or license plates.

As many malware campaigns today target corporations or other large enterprises, the targeted individuals may be corporate executives whose emails would contain valuable information, or IT staffers who have wide access to a company network. Those individuals' personal email accounts may be targeted along with their workplace accounts.

To guard against Trickbot malware, make sure your Windows PC is running one of the best antivirus programs. Set up two-factor authentication on every online account that permits it. And don't save sensitive passwords in your browser; use one of the best password managers instead, which will be harder to break into.

Trickbot began life as a banking Trojan in 2016, but has evolved to become one of the most versatile strains of malware around. It can steal encryption keys, cookies, PIN codes and passwords; spread itself through a local network; mine cryptocurrency; and install other forms of malware, including the Ryuk and Conti ransomware strains and the Emotet botnet malware.

Paul Wagenseil
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. That's all he's going to tell you unless you meet him in person.