TrickBot Banking Trojan gets a new look


First appearing in 2016, the TrickBot Banking Trojan has been ever-changing. The latest evolution has added a new revenue stream for the malware’s author.

Malware is constantly evolving and changing in an attempt to stay one step ahead of internet security and antivirus software.

Ondrej Kubovič, ESET Security Awareness Specialist, comments on the evolution of the TrickBot Banking Trojan and why it’s changing.

“As the attackers are using vulnerabilities (EternalBlue, EternalRomance exploits target already patched vulnerabilities in Windows operating systems) to spread their malicious code, keeping all company devices patched and updated would help mitigate this threat.

“Also, using a reliable and multi-layered security solution, which can block similar attack attempts, is a good way to increase an organisation’s protection.

“It seems that the attackers behind this malware family are trying to diversify their revenue streams.

“TrickBot is known for its credential-stealing capabilities, mainly going after banking credentials. However, this campaign shows that the attackers are working on a lock-screen functionality that would enable them to also block victims’ machines and ask for ransom.

“Our research also shows that this malware family has tried to harvest user credentials and passwords for cryptocurrency exchanges and download cryptomining malware into the infected device.

“All of these techniques – cryptomining, stealing a larger variety of credentials, screen locking – represent additional revenue streams for black-hats behind TrickBot.

“Cybercriminals go where the money is. And financial institutions as well as cryptocurrency services are the places where it currently is.

“Organisations can increase their security by following the rules of cyber hygiene (by minimizing their attack surface, keeping their devices and software updated and patched, using a reliable security solution, training their employees, using strong passwords and 2FA).

“To protect their clients, organisations should build awareness about social engineering, malware as well as other forms of attacks they might encounter.

“Organisations should also encourage the use of additional factors of authentication – so even if users’ credentials are stolen, it is much harder to misuse them.”

What do you think of the recent trend in cryptomining malware? Let us know on Twitter @ESETUK.