
Updated Trickbot Now Targets Technology and Financial Firms

Trickbot's operators have updated the botnet with new anti-analysis features and are using it to target the customers of 60 high-profile technology and financial firms, including cryptocurrency firms based in the U.S.

TrickBot’s new avatar

Trickbot has grown into a versatile, modular malware with more than 20 modules that the operators download on demand.
  • The operators are using these modules to target high-profile organizations, including IT giants (Amazon, AOL, Yahoo, Microsoft), banks (Bank of Montreal, Centennial Bank), and credit card service providers (American Express).
  • The target list also includes cryptocurrency financial services such as Blockchain.com.
  • Researchers suspect that the real victims are not the brands themselves but their customers: the attackers are most likely after user credentials that grant access to these portals.

The targeted regions

APAC recorded the highest infection rate (3.3%), followed by Latin America (2.1%), Europe (1.9%), Africa (1.8%), and North America (1.4%).

Anti-analysis enhancements

Trickbot's operators have updated three modules to strengthen the malware's anti-analysis capabilities:
  • The injectDll module performs web injects into the browser to steal banking and login credentials. It also carries anti-analysis logic, for example crashing the browser tab to frustrate inspection of the injected code.
  • The tabDLL module harvests the user's credentials and spreads the infection to other hosts over network shares.
  • The pwgrabc module steals stored passwords from applications and browsers, including FileZilla, Chrome, IE, Edge, saved RDP connections, PuTTY, OpenSSH, Outlook, WinSCP, TeamViewer, and OpenVPN.
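Because pwgrabc only has to read credential stores that are already on disk or in the registry, a useful first response is to inventory which of those stores exist on an endpoint. The script below is an added example, not code from the article or from the Check Point research it summarizes; it checks the well-known default locations of the stores pwgrabc targets. The paths and registry keys are the standard per-user defaults (the Outlook key assumes Office 2016 or later, Chrome and Edge assume the "Default" profile) and will miss non-default installs.

```powershell
# Exposure check for the credential stores pwgrabc is reported to harvest.
# Added example: default locations only; adjust for non-standard installs.

$stores = @(
    @{ App = 'FileZilla';  Path = "$env:APPDATA\FileZilla\sitemanager.xml" },
    @{ App = 'FileZilla';  Path = "$env:APPDATA\FileZilla\recentservers.xml" },
    @{ App = 'Chrome';     Path = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data" },
    @{ App = 'Edge';       Path = "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data" },
    @{ App = 'RDP';        Path = "$env:USERPROFILE\Documents\Default.rdp" },
    @{ App = 'OpenSSH';    Path = "$env:USERPROFILE\.ssh" },
    @{ App = 'OpenVPN';    Path = "$env:USERPROFILE\OpenVPN\config" },
    @{ App = 'OpenVPN';    Path = "$env:ProgramFiles\OpenVPN\config" },
    @{ App = 'PuTTY';      Path = 'HKCU:\Software\SimonTatham\PuTTY\Sessions' },
    @{ App = 'WinSCP';     Path = 'HKCU:\Software\Martin Prikryl\WinSCP 2\Sessions' },
    @{ App = 'TeamViewer'; Path = 'HKCU:\Software\TeamViewer' },
    # Office 2016+ profile key; older versions use a different path (assumption).
    @{ App = 'Outlook';    Path = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Profiles' }
)

$results = foreach ($s in $stores) {
    $present = Test-Path -LiteralPath $s.Path
    $count = 0
    if ($present) {
        # For registry keys count saved sessions; for directories count entries.
        $item = Get-Item -LiteralPath $s.Path -ErrorAction SilentlyContinue
        if ($item -is [Microsoft.Win32.RegistryKey]) {
            $count = $item.SubKeyCount + $item.ValueCount
        } elseif ($item.PSIsContainer) {
            $count = (Get-ChildItem -LiteralPath $s.Path -Force -ErrorAction SilentlyContinue).Count
        } else {
            $count = 1
        }
    }
    [pscustomobject]@{
        Application = $s.App
        Location    = $s.Path
        Present     = $present
        Entries     = $count
    }
}

# Saved RDP/TERMSRV credentials live in Credential Manager, not in a file.
$termsrv = (cmdkey /list 2>$null) | Select-String 'TERMSRV/'
$results += [pscustomobject]@{
    Application = 'RDP (Credential Manager)'
    Location    = 'cmdkey /list TERMSRV/*'
    Present     = [bool]$termsrv
    Entries     = @($termsrv).Count
}

$results | Sort-Object -Property Present -Descending | Format-Table -AutoSize

$exposed = $results | Where-Object Present
Write-Host ("{0} credential store(s) present that pwgrabc is known to target." -f @($exposed).Count)
```

Run it as the interactive user whose profile you are assessing (HKCU and %APPDATA% are per user). A non-zero count is not evidence of infection; it tells you which credentials would be lost if a Trickbot host ran pwgrabc, so those are the ones to rotate after any confirmed compromise.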

Concluding note

Trickbot's developers are experienced and technically capable, and the modular design lets them retarget the botnet quickly while limiting what any single sample reveals to analysts. Trickbot remains a priority threat that calls for continuous monitoring and tracking by the security community worldwide.

Cyware Publisher