Warning

You see this message because the program named grabber gathered some information from your browser. If you do not know what is happening it is the time to start be worrying. Please, ask your system administrator for details.

Reflecting on his discovery, Kremez told Bleeping Computer that the TrickBot gang had likely been testing a new feature and had neglected to remove that warning message when they began distributing it in the wild.

This wasn't the first time that TrickBot made news at the end of H1 2020. In mid-June, for instance, researchers came across an attack email that leveraged a fake Black Lives Matter voting campaign to distribute TrickBot malware. That was a few weeks before security analysts spotted TrickBot malware checking the screen resolution as a means of evading analysis on a virtual machine (VM). About a week later, security researchers observed Conti ransomware sharing the same TrickBot infrastructure as used by Ryuk for its attack campaigns.

Kremez instructed any victims who saw the warning message displayed above to disconnect their computers from the network and to perform a scan using their anti-virus software. Once the malware is removed, they should change the credentials for any web accounts whose data they might have stored in their web browsers.