The Cybersecurity and Infrastructure Security Agency (CISA) and FBI have warned of an uptick in attacks deploying the TrickBot malware, largely utilizing phishing campaigns as the initial infection vector. The two entities released a joint advisory to the public on Wednesday, alerting individuals of the sophisticated attacks. According to the announcement, a group of cybercriminals are leveraging a traffic infringement phishing scheme that lures victims into downloading the malware.

TrickBot was originally observed in 2016 and has since become one of the most prevalent malware families. In October 2020, Microsoft announced that it had disrupted the infrastructure behind TrickBot, taking most of it down. However, the malware survived the takedown attempt and came back stronger, with several new updates that protected against similar attempts. The recent attacks confirm that TrickBot’s operators were able to restore their malicious operations.

Read More: Five Months After Takedown Attempt, CISA and FBI Warn of Ongoing TrickBot Attacks