Cybercrime What is TrickBot?

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459


Quote : " There are so many different types of malware that keeping up with them is not an easy task. Not only knowing them all is difficult, but also not very relevant as long as your security software is doing its job well. More and more malware is being developed and most don’t ever really become a huge global threat, or make headlines. That being sad, some types of malware raise more interest and concern due to their popularity among cyber criminals, the damage they do and other factors. And when you know the risks, you might want to be better prepared for them. One of these more prominent types of malware is called TrickBot. It started out in 2016 as a banking trojan and it was used to capture banking credentials and eventually make profit. It has since become a lot more than that. Here are four reasons why TrickBot should be on your radar.
1. TrickBot can be used in multiple ways
Stealing your online bank login credentials not bad enough? Wait, there’s more! Maybe not very surprising, but TrickBot can also spy on other information to gain access to email accounts, system and network information, tax information and so on. TrickBot can start spreading spam emails and also spread itself to other victims. It is believed to have compromised at least 250 million email accounts. TrickBot can also install a backdoor to your system so that it can be accessed remotely and used as a part of a botnet. TrickBot is at the moment mainly used to target corporate networks. However, it has been and can be used in the future to target consumer networks as well. When targeting businesses, TrickBot’s information stealing capabilities are especially dangerous and profitable.

2. Knock knock. Who's there? More malware.
TrickBot is a trojan, so it gets on your computer disguised as something legitimate, typically a word, excel or PDF document attached to an email. If it makes its way into a system, it will most likely download other malware. For example, TrickBot often downloads Ryuk ransomware after infection. The network is scanned to identify profitable targets for ransomware attacks. If deemed such, the ransomware is activated after enough information has been gathered and enough computers have been infected. TrickBot also often comes hand in hand with another malware called Emotet. When infecting a computer, they often download one another. This increases the damage and spreads both malware (and the aforementioned Ryuk) even further.

3. Modular malware
Notice that we’ve mentioned that TrickBot can do and can be different things? That’s because it’s a modular malware, meaning that not all TrickBot infections are the same. Depending on the version used by the attacker, it can include different kinds of functions. These versions can also update themselves and download other features. This is one of the reasons TrickBot is so popular among cyber criminals.
Click to expand...

Full source :
blog.f-secure.com

What is TrickBot? - 4 reasons this virus is dangerous - F-Secure Blog

TrickBot is a malware type, a computer virus which keeps on evolving. But what is TrickBot? Why is it so dangerous? Learn more from here!
blog.f-secure.com blog.f-secure.com
 
  • Like
  • +Reputation
  • Wow
Reactions: Parsh, Andy Ful, Nevi and 8 others
upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
In recent years, the modular banking trojan known as Trickbot has evolved to become one of the most advanced trojans in the threat landscape. It has gone through a diverse set of changes since it was first discovered in 2016, including adding features that focus on Windows 10 and modules that target point of sale (POS) systems. Not only does it function as a standalone trojan, Trickbot is also commonly used as a dropper for other malware such as the Ryuk ransomware. The wide range of functionality allows this malware to adapt to different environments and maximize effectiveness in a compromised network.

Trickbot is typically delivered via a spam email containing a malicious document or malicious URL. In most cases, the subject of the emails will contain wording that is intended to alarm the person who received it, such as an issue with a credit or debit card, and in recent examples preying on fears of the COVID-19 virus. Once this document has been opened, a macro will execute and download the next stage of the infection process. In some cases, the second stage of this infection chain is a loader like Emotet which in turn drops Trickbot. In a reverse of roles, Trickbot has also been commonly observed to drop other malware families.
Click to expand...
blog.talosintelligence.com

Trickbot: A primer

The group behind Trickbot has expanded its activities beyond credential theft into leasing malware to APT groups.
blog.talosintelligence.com blog.talosintelligence.com
 
  • Like
  • +Reputation
Reactions: Protomartyr, roger_m, Andy Ful and 5 others

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Technology The Week in Ransomware - January 26th 2024 - Govts strike back
Replies
0
Views
246
Technology News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Applause
    • +Reputation
Security News Police dismantle ransomware group behind attacks in 71 countries
Replies
1
Views
823
Security News
vtqhtr413
vtqhtr413
[correlate]
    • Like
    • +Reputation
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor
Replies
0
Views
872
News Archive
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top