Data Security

Black Lives Matter movement exploited to spread Trickbot malware

Cyber criminals can go down to any level to achieve their goals and the latest phishing scam only reiterates this fact. After raking in millions by exploiting the COVID-19 threat, cybercriminals are now after the Black Lives Matter (BLM) movement and exploiting it to distribute Trickbot malware.

Just a few days ago it was reported that there has been a widespread increase in cyberattacks targeting BLM movement. Now, according to the latest report from abuse.ch, a new phishing scam has surfaced to monetize from the BLM movement in which attackers are sending fake emails disguised as emails from the Country Administration.

Exclusive: Scammers using fake WHO Bitcoin wallet to steal donation

In this ongoing phishing scam, recipients are asked to anonymously vote for the BLM movement but in the background, Trickbot malware is launched to infect the device. The malware quickly spreads across the network and starts stealing login IDs and passwords. 

Screenshot of the fake email provided by Abuse.ch

It is worth noting that Trickbot is a piece of malware that has been targeting business and unsuspecting users since 2017. Some of its victims include McAfee anti-virus’ ClickProtect email protection service, users owning Bitcoin wallets, and most recently those who opened CV files infected with the nasty Trickbot.




According to Abuse.Ch’s researchers, the emails more or less contain similar subject lines such as “Vote anonymous about ‘Black Lives Matter.” Once opened, the recipient is asked to open the attached file titled e-vote_form_3438.doc for answering simple questions, and enable editing to leave a review about his or her views on the movement.

It is also stated that the review will be kept confidential. However, when the victim enables editing, Trickbot malware is launched in a DLL file and the infection can spread to all the devices connected to the network.

Hide your IP address & surf Internet anonymously with IPVanish

According to abuse.ch spokesperson, this spam campaign is mainly attacking users in the US, and the most concerning aspect is that Trickbot malware may lead to ransomware like Ryuk, apart from being capable of stealing sensitive banking data. 

For those who don’t know who Abuse.ch, the non-profit platform fights malware and other online threats. The platform also helps internet service providers and network operators protecting. their infrastructure from malware.

The malicious document that asks users to enable editing (Image: Abuse.ch)

The only way to prevent the threat of getting your device infected is to avoid opening email attachments, refrain from downloading unnecessary apps or software, install reliable anti-virus software.

Nevertheless, your online security is in your hands, therefore, take special precautions if you receive an email about some latest incident or event asking for your opinion because quite possibly it could be a phishing scam.

To Top

Pin It on Pinterest

Share This