Security News Trickbot Evolves with Account-Checking Activity

silversurfer

While Trickbot has historically targeted the financial industry, it has now expanded its targeting of other industries via its account-checking activities, according to fresh analysis.

These kinds of attacks occur when threat actors use credentials stolen from past database breaches or compromises to gain unauthorized access to other accounts belonging to the same victims. However, the process of mining compromised data for correct username and password combinations requires significant computer processing power and proxy pool lists to be successful—a capability that is now exhibited by the Trickbot gang.

“Considered to be the successor of the formidable Dyre banking trojan gang, the Trickbot banking trojan gang continues to evolve by adopting new attack methods and targeting various industries,” said Vitali Kremez, researcher at Flashpoint, in a blog. “The gang account-checking operation requires a steady stream of new and ‘clean’ proxies to make sure their activities wouldn’t get automatically blocked by companies’ automatic IP origin anti-fraud systems. Therefore, their existing infections are turned into account-checking proxies.”

Flashpoint noted that Trickbot’s new trick is being perpetrated through the backconnect SOCKS5 module, enlisting victims as proxies. From Aug. 17 to the present, analysts at the firm have observed close to 6,000 unique compromised machines associated with Trickbot SOCKS5 proxy module activities. Of these machines, more than 200 of them were actively enlisted for account-checking fraud activities at any one time.

“The Trickbot gang continues to search for ways to monetize infections by adopting a hybrid attack model, which utilizes both Trickbot modular payloads and knowledgeable fraud operators, along with account-checking activity; such attacks are a combination of malware expertise and knowledgeable human operators,” Kremez said.
 
