Instead of ripping each other's malware out of victim systems, the groups behind Trickbot and IcedID are playing nice with each other, says Flashpoint.
In what could be the beginning of a significant new trend, the operators of two separate banking botnets appear to have begun collaborating with each other in targeting systems and stealing money from victims.
Flashpoint says it has evidence suggesting the operators of the Trickbot and IcedID botnets have gotten into some kind of a profit-sharing arrangement in which they are using each other's malware and infrastructure to cash out victim bank accounts.
Such partnerships are extremely rare in the cybercrime world where rival groups are more likely to rip each other's malware out of victim systems than collaborate on a malicious campaign. For enterprises, the trend could spell new trouble.
"This collaboration indicates that sophisticated botnet malware operators will … team up to defeat anti-fraud measures in place when [a] reasonable profit-sharing agreement can be reached amongst various groups," says Vitali Kremez, director of research at Flashpoint.