TrickBot malware may have hacked 250 million email accounts

Including millions belonging to governments in the US, UK and Canada.

Sponsored Links

seksan Mongkhonkhamsao via Getty Images
seksan Mongkhonkhamsao via Getty Images

TrickBot malware may have stolen as many as 250 million email accounts, including some belonging to governments in the US, UK and Canada. The malware isn't new. In fact, it's been circulating since 2016. But according to cybersecurity firm Deep Instinct, it has started harvesting email credentials and contacts. The researchers are calling this new approach TrickBooster, and they say it first hijacks accounts to send malicious spam emails and then deletes the sent messages from both the outbox and trash folders.

In a recent investigation, Deep Instinct found a database containing 250 million compromised email accounts. The firm says millions of those belong to governments in the US and UK, as well as agencies in Canada. The database contained more than 25 million Gmail addresses, 19 million Yahoo.com addresses and 11 million Hotmail.com addresses. AOL, MSN and Yahoo.co.uk were also hit. As DeepInstinct points out, TrickBot could use those emails to distribute more of its own malware.

According to TechCrunch, the researchers first detected TrickBooster on June 25th. Deep Instinct is still investigating, and it's in the process of sharing information with authorities. The update is unsettling, as it's so widespread, and as Deep Instinct puts it, TrickBooster is a "powerful addition to TrickBot's vast arsenal of tools."

Engadget was owned by Verizon between June 2015 and September 2021. Engadget's parent company is now Yahoo Inc.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
View All Comments
TrickBot malware may have hacked 250 million email accounts