Cybercrime What is TrickBot?

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458


Quote : " There are so many different types of malware that keeping up with them is not an easy task. Not only knowing them all is difficult, but also not very relevant as long as your security software is doing its job well. More and more malware is being developed and most don’t ever really become a huge global threat, or make headlines. That being said, some types of malware raise more interest and concern due to their popularity among cyber criminals, the damage they do and other factors. And when you know the risks, you might want to be better prepared for them. One of these more prominent types of malware is called TrickBot. It started out in 2016 as a banking trojan and it was used to capture banking credentials and eventually make profit. It has since become a lot more than that. Here are four reasons why TrickBot should be on your radar.
1. TrickBot can be used in multiple ways
Stealing your online bank login credentials not bad enough? Wait, there’s more! Maybe not very surprising, but TrickBot can also spy on other information to gain access to email accounts, system and network information, tax information and so on. TrickBot can start spreading spam emails and also spread itself to other victims. It is believed to have compromised at least 250 million email accounts. TrickBot can also install a backdoor to your system so that it can be accessed remotely and used as a part of a botnet. TrickBot is at the moment mainly used to target corporate networks. However, it has been and can be used in the future to target consumer networks as well. When targeting businesses, TrickBot’s information stealing capabilities are especially dangerous and profitable.

2. Knock knock. Who's there? More malware.
TrickBot is a trojan, so it gets on your computer disguised as something legitimate, typically a Word, Excel or PDF document attached to an email. If it makes its way into a system, it will most likely download other malware. For example, TrickBot often downloads Ryuk ransomware after infection. The network is scanned to identify profitable targets for ransomware attacks. If deemed such, the ransomware is activated after enough information has been gathered and enough computers have been infected. TrickBot also often comes hand in hand with another malware called Emotet. When infecting a computer, they often download one another. This increases the damage and spreads both malware (and the aforementioned Ryuk) even further.

3. Modular malware
Notice that we’ve mentioned that TrickBot can do and can be different things? That’s because it’s a modular malware, meaning that not all TrickBot infections are the same. Depending on the version used by the attacker, it can include different kinds of functions. These versions can also update themselves and download other features. This is one of the reasons TrickBot is so popular among cyber criminals.

Full source :
 

upnorth

In recent years, the modular banking trojan known as Trickbot has evolved to become one of the most advanced trojans in the threat landscape. It has gone through a diverse set of changes since it was first discovered in 2016, including adding features that focus on Windows 10 and modules that target point of sale (POS) systems. Not only does it function as a standalone trojan, Trickbot is also commonly used as a dropper for other malware such as the Ryuk ransomware. The wide range of functionality allows this malware to adapt to different environments and maximize effectiveness in a compromised network.

Trickbot is typically delivered via a spam email containing a malicious document or malicious URL. In most cases, the subject of the emails will contain wording that is intended to alarm the person who received it, such as an issue with a credit or debit card, and in recent examples preying on fears of the COVID-19 virus. Once this document has been opened, a macro will execute and download the next stage of the infection process. In some cases, the second stage of this infection chain is a loader like Emotet which in turn drops Trickbot. In a reverse of roles, Trickbot has also been commonly observed to drop other malware families.
 
