[email protected] is one of the latest email addresses used by Trickbot banking Trojan authors to mass spam users all over the world.
The latter email address has nothing to do with the same-named company which website matches the name after @. That is to say, the crooks just have picked up this name to make their message look more trustworthy. This misleads too many users into opening what the message wants them to open.
The spam email reads as follows: “Voice Message Attached from 01258895166 – name unavailable [ random numbered]”. The design of the hack provides for that you open an attachment. Of course, instead of the message email here comes a Trojan.
In the case of a typical payload, you are going to get a Trickbot malware. This infection steals your passwords and other credentials. It is basically a banking Trojan. Its priority target is your banking account.
Observations and reports reveal that most of the victims represent small and medium enterprises. They are more likely to respond to such kind of spam than individual and corporate users.
Opening the malicious attachment spawns the malware installation from the hacker’s hub. For instance, the following URL is known to discharge the virus: http://avocats-france-maroc.com
The content dropped comes in js format. It is not yet an executor of the ultimate payload. The latter arrival is due as the js dropped contacts a list of servers.
A typical payload drops the banking Trojan. However, this basic functionality often goes beyond the banking Trojan introduction. In the wild, instances of [email protected] have also been observed to drop ransomware. Such infections encrypt your files holding them hostage. They threaten to, and actually destroy, the decryption key, unless you pay the ransom demanded. On the other hand, the experts and the users concerned admit the ransom transferred does not guarantee the crooks discharge the decryptor.
With threats such as Trickbot, prevention is the best cure. This rule always applies, but is of particular importance in the case of ransom and stealing payloads. Meanwhile, at the post-invasion stage, the removal of Trickbot received from [email protected] is critical. To get rid of Trickbot received from [email protected] and introduce the best practice of prevention and recovery, proceed with the guidance below.
Automatic removal of Trickbot Trojan
The benefits of using the automatic security suite to get rid of this infection are obvious: it scans the entire system and detects all potential fragments of the virus, so you are a few mouse clicks away from a complete fix.
- Download and install recommended malware security suite
- Select Start Computer Scan feature and wait until the utility comes up with the scan report. Proceed by clicking on the Fix Threats button, which will trigger a thorough removal process to address all the malware issues compromising your computer and your privacy.
Data backups work wonders
Viruses like Trickbot aren’t nearly as almighty and destructive in case you run regular file backups to the cloud or external data media. The virus itself can be completely removed in a matter of minutes, and the distorted information can then be just as easily recovered from the backup.