Bleeping Computer reports that Advanced Intel information security specialist Vitaliy Kremez studied a new version of the well-known TrickBot malware and found an interesting bug in it. It turned out that a test version of the password-stealing module grabber.dll, most likely included in the malware by mistake, warns victims that they have been compromised.
After loading, this module displays a warning in the default browser. The warning states that the grabber program collects information from the browser and that the victim urgently needs to contact their system administrator.
Bleeping Computer notes that on Reddit you can already find complaints from users infected with the latest version of TrickBot, who are perplexed as to why Firefox suddenly began warning them about some grabber program.
The grabber.dll module, as you might guess from its name, is designed to steal passwords and cookies from the browsers Chrome, Edge, Internet Explorer and Firefox. Data stolen in this way can be used by hackers to log into victims' accounts.
Vitaliy Kremez believes that this module was created by the TrickBot developers themselves, since its code style matches that of the malware's other components. Apparently, the hackers were testing the new version of the malware and simply forgot to remove the test iteration of the module when the release took place.
Let me remind you that the TrickBot malware is mainly distributed through spam emails. Once installed on the victim's machine, the malware downloads various additional modules that perform a variety of tasks: stealing the Active Directory Services database, collecting passwords and cookies from the browser, stealing OpenSSH keys, and spreading further throughout the network.
Even worse, TrickBot ultimately gives ransomware operators, including Ryuk and Conti, access to the infected systems.