TrickBot malware may have stolen as many as 250 million email accounts, including some belonging to governments in the US, UK and Canada. The malware isn’t new. In fact, it’s been circulating since 2016. But according to cybersecurity firm Deep Instinct, it has started harvesting email credentials and contacts. The researchers are calling this new approach TrickBooster, and they say it first hijacks accounts to send malicious spam emails and then deletes the sent messages from both the outbox and trash folders.
In a recent investigation, Deep Instinct found a database containing 250 million compromised email accounts. The firm says millions of those belong to governments in the US and UK, as well as agencies in Canada. The database contained more than 25 million Gmail addresses, 19 million Yahoo.com addresses and 11 million Hotmail.com addresses. AOL, MSN and Yahoo.co.uk were also hit. As DeepInstinct points out, TrickBot could use those emails to distribute more of its own malware.
According to TechCrunch, the researchers first detected TrickBooster on June 25th. Deep Instinct is still investigating, and it’s in the process of sharing information with authorities. The update is unsettling, as it’s so widespread, and as Deep Instinct puts it, TrickBooster is a “powerful addition to TrickBot’s vast arsenal of tools.”
Engadget’s parent company, Verizon, now owns Yahoo. Engadget remains editorially independent.