silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,151
Trickbot trojan now comes with a separate module for stealing browser cookies, threat researchers found on Tuesday, marking new progress in the malware's development.
Reported in October 2016, Trickbot started as a banking trojan but constant updates turned it into a multi-purpose threat that can steal sensitive information from applications, send spam, as well as deliver other types of malware on an infected computer.
The new module is dubbed Cookie Grabber and its purpose is only to steal cookies - bits of text that websites save in the browser for various purposes like remembering the login state, the website preferences, personalized content; or for tracking a user's browsing activity.
Trickbot's new module was first spotted on June 2 by malware researcher Brad Duncan during a Trickbot infection that delivered the file "cookiesDLL64."
Duncan published a short post with details about the traffic generated by Trickbot's latest module and the artifacts associated with it, as found on an infected Windows host. and the artifacts found on an infected Windows host that had the browser stealing module.