TrickBot Banking Trojan Gets Screenlocker Component

Faybert

The most recent version of the TrickBot banking trojan now includes a screenlocker component, suggesting the malware's operators might soon start holding victims for ransom if infected targets don't appear to be e-banking users.

The good news is that the screenlocker mechanism is not fully functional just yet, and appears to still be under development.
...
...
New screenlocker module is still under development
The screenlocker module is part of one of the many files that TrickBot drops on victims' computers. First sightings of this new TrickBot module date back to last week, March 15.

TrickBot, while known for being primarily a banking trojan, has evolved in recent years to become a "malware dropper."

TrickBot authors infect victims with an initial malware strain that is specialized in downloading various TrickBot modules, which are responsible for various operations. Previously known modules include the actual banking trojan (the browser injector), but also a module that sends email spam from infected hosts, and an SMB self-replicating worm for moving laterally inside larger networks.
....
....