Trickbot Trojan Now Has a Separate Cookie Stealing Module

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/trickbot-trojan-now-has-a-separate-cookie-stealing-module/

Trickbot trojan now comes with a separate module for stealing browser cookies, threat researchers found on Tuesday, marking new progress in the malware's development.

Reported in October 2016, Trickbot started as a banking trojan but constant updates turned it into a multi-purpose threat that can steal sensitive information from applications, send spam, as well as deliver other types of malware on an infected computer.

The new module is dubbed Cookie Grabber and its purpose is only to steal cookies - bits of text that websites save in the browser for various purposes like remembering the login state, the website preferences, personalized content; or for tracking a user's browsing activity.

Trickbot's new module was first spotted on June 2 by malware researcher Brad Duncan during a Trickbot infection that delivered the file "cookiesDLL64."
Duncan published a short post with details about the traffic generated by Trickbot's latest module and the artifacts associated with it, as found on an infected Windows host. and the artifacts found on an infected Windows host that had the browser stealing module.