Banking Trojan Trickbot Expands Even Further, Reaches Latin America and Adds Targets in Europe

Trickbot
Share Button

The Easy Solutions Security Operations Center has encountered a new variant of the ongoing Trickbot campaign. This variant appears to be adding new countries and banks to its target list.

Previously, the malware’s main targets were in the US, Canada, the UK, Spain, France, Finland, Sweden, Norway, Singapore, and Australia.

In its latest configuration (Version 1000044), we have observed a total of 346 URLs – a significant increase from the previously reported 200. This gives us proof that Trickbot has expanded to almost all of Europe, as well as a few Latin American countries. The new list of targets includes organizations from the following countries:

  •    Ireland
  •    Romania
  •    Italy
  •    Luxembourg
  •    Slovakia
  •    Belgium
  •    Germany
  •    Turkey
  •    Portugal
  •    Colombia
  •    Mexico
  •    Chile

The Trickbot code is now configured to attack the local URLs of almost all the major global banks in each country on the list. The downloaded Trickbot variant has the group tag “kas5”. The decrypted configuration files contain a list of targets already seen in previous campaigns, in addition to many financial institutions new to the list.

Trickbot remains a highly active malware with updated configuration being released on daily basis. The creators of TrickBot are adding new targets for the static injection, which continues to be a very dangerous threat, redirecting users to fake sites while showing the correct URL and the correct SSL certificate.

Mitigating Trickbot Attacks

For more technical information on Trickbot and our earlier coverage of the Trojan, click here and here.

To learn more about how to mitigate threats such as malware attacks, email spoofing, phishing, and redirection schemes, click here to read about our Digital Threat Protection Suite.

 

Related Posts

Is Your End-User Education Enough to Stop the Next Phishing Attack? Phishing is one of the oldest forms of digital fraud, and it shows no signs of going away anytime soon.
Video: See How Trickbot Works Trickbot has recently been making headlines, with a new version and new targets coming out almost every day.

Leave a Reply

Your email address will not be published. Required fields are marked *