A banking trojan, called Trickbot, has the ability to target Coinbase users after an update has apparently provided the trojan support to steal funds stored on the exchange’s accounts.
Bank Malware Now Going After Coinbase Users
Trickbot is banking malware that has usually gone after the customers of traditional financial institutions, but has now seemingly shifted focus.
According to Forcepoint, their systems had encountered over 8600 emails related to the malware — with the UK, France, and Canada being the primary targets of the phishing campaign.
Many of the decrypted files from these emails contained a list of victims already seen before, but the security firm noticed one exception: Coinbase.
After discovering this, Forcepoint subsequently put Coinbase on their list of monitored sites for web injections.
Additionally, they also commented that their discovery means the malware now threatens an entirely new group of people — saying that it puts non-traditional currency users at risk of having their funds stolen from Trickbot.
Trickbot: From Banking Trojan to Crypto Threat
Before it was known that Trickbot was targeting Coinbase users it was mostly known for going after banks, and was also reported to have attacked Paypal users.
It’s been receiving a closer examination by security experts lately as it has been able to successfully penetrate traditional finance’s customer-base.
In the report, threatpost described it as “… an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution.”
Basically, Trickbot mimicked Santander Bank by using sites with URLs similar to the ones used by the bank — fooling customers into revealing their private credentials.
What do you think of Trickbot being equipped to steal funds from accounts on Coinbase? Let us know in the comments below.
Images Via Coinbase