The threat actor behind the infamous TrickBot botnet has added new functionality to their malware to request PIN codes from mobile users, Secureworks reports.

Operated by the hacking group previously associated with the Dyre Trojan, TrickBot has been around since October 2016, targeting hundreds of organizations around the world, mostly financial institutions.

Starting in August 2019, the malware operators modified the webinjects used by TrickBot to target three of the largest mobile carriers in the United States, namely Verizon Wireless (August 5), T-Mobile (August 12), and Sprint (August 19).