Threat actors are using TrickBot malware, which previously plagued US banks, in order to carry out SIM swapping attacks targeting users of Verizon, T-Mobile, Sprint and other US-based mobile carriers, Dell researchers warn. In a SIM swapping attack, a fraudster will use the cellular account data of a victim to get the latter’s phone number transferred to another SIM. This can then be used by the attacker to carry out further attacks, like impersonating the victim or taking over user accounts protected by SMS-based multi-factor authentication.
The TrickBot operators have added a new module that can inject malicious code into the websites of various mobile carriers. When a victim uses an infected device to navigate to one of those websites, TrickBot will modify the content on the login page so that it will ask for their PIN number, which the attackers can then harvest and use for SIM swapping.
Read more: TrickBot Targets Verizon, T-Mobile, Sprint Users to Siphon PINs