The TrickBot banking Trojan has shown a huge increase in activity over the past few months and is involved in various malware distribution campaigns. It targets e-banking applications, PayPal accounts and business CRMs. TrickBot has been active since September 2016 and is a relatively new threat. Last year, many security researchers categorized it as an upgraded, new version of the Dyre Trojan. With time, the cyber-criminals behind it grew stronger and added code that supports more fake login screens, so it can now be used to steal more credentials from users all around the world.
Interestingly, according to records, TrickBot targeted only Australian banks until April 2017, but it is now spreading to banks in other countries, including Canada, the US, the UK, Germany, France, Switzerland and so on. There was a sudden spike in such attacks in June of this year. The operators now use email spam to spread the Trojan payloads, a method previously seen with Jaff Ransomware. The email contains a PDF file that lures the user into opening a Word file, which then asks the user to enable macros to view the content.
This whole social engineering process may look complex and ineffective, but the data gathered by IBM X-Force says otherwise. TrickBot has emerged as the 8th most successful banking Trojan, and its overall share has risen to 3%, up from only 1% a few months back.
New Targets of TrickBot
According to the cyber-security firm F5 Networks, TrickBot is now targeting more than banks. The new TrickBot attacked the CRM (Customer Relationship Manager) applications of two SaaS providers (Salesforce and Reynolds & Reynolds). Additionally, TrickBot managed to show fake login pages for more than 33 PayPal login URLs. Speculation holds that the original developer of Dyre is somehow involved with TrickBot, and this is a subject of research.
The aggressive TrickBot distribution campaigns and the huge increase in Trojan attacks confirm that someone with extensive caliber and high expertise is behind the TrickBot banking Trojan. Given the speed at which it is spreading and reaching new geographical corners, it will surely become one of the top banking Trojans of recent times.