
Trickbot abuses top brands for customer attacks

The Trickbot malware is a thorn in the side of cybersecurity professionals and is now targeting customers of 60 large institutions in phishing attacks and via web injections.


Trickbot started out as a relatively simple banking Trojan, alongside Zeus, Agent Tesla, Dridex and DanaBot. However, after the Dyre botnet was retired in 2016 and Europol and the FBI took down the infrastructure supporting the prolific Emotet botnet last year, more attention was paid to Trickbot's activities.

The malware is modular, which means that its users can adapt it to carry out a wide range of attacks, and these attacks can be tailored to the desired victims.

On February 16, Check Point Research (CPR) published a new study on Trickbot, noting that the malware is now being used in targeted attacks against clients of 60 "high-profile" organizations, many of which are located in the United States.

The companies themselves are not victims of the malware. Instead, Trickbot operators exploit the reputation and names of these brands in numerous attacks.

According to CPR, some of the brands abused by Trickbot are Bank of America, Wells Fargo, Microsoft, Amazon, PayPal, American Express, Robinhood, Blockchain.com and the Federal Maritime Credit Union.

Financial institutions, cryptocurrency exchanges and technology companies are all on the list.

The researchers have also provided technical details of three key modules, out of the 20 or so that Trickbot can use, which are used in attacks and to hinder analysis or reverse engineering.

In a separate research study published by IBM Trusteer in January, variants of Trickbot were discovered that contain new features designed to stop researchers from analyzing the malware through reverse engineering.

Source of information: zdnet.com

Teo Ehc