Banking Trojan Trickbot Expands Even Further, Reaches Latin America and Adds Targets in Europe

Share Button

The Easy Solutions Security Operations Center has encountered a new variant of the ongoing Trickbot campaign. This variant appears to be adding new countries and banks to its target list.

Previously, the malware’s main targets were in the US, Canada, the UK, Spain, France, Finland, Sweden, Norway, Singapore, and Australia.

In its latest configuration (Version 1000044), we have observed a total of 346 URLs - a significant increase from the previously reported 200. This gives us proof that Trickbot has expanded to almost all of Europe, as well as a few Latin American countries. The new list of targets includes organizations from the following countries:

  •    Ireland
  •    Romania
  •    Italy
  •    Luxembourg
  •    Slovakia
  •    Belgium
  •    Germany
  •    Turkey
  •    Portugal
  •    Colombia
  •    Mexico
  •    Chile

The Trickbot code is now configured to attack the local URLs of almost all the major global banks in each country on the list. The downloaded Trickbot variant has the group tag “kas5”. The decrypted configuration files contain a list of targets already seen in previous campaigns, in addition to many financial institutions new to the list.

Trickbot remains a highly active malware with updated configuration being released on daily basis. The creators of TrickBot are adding new targets for the static injection, which continues to be a very dangerous threat, redirecting users to fake sites while showing the correct URL and the correct SSL certificate.

Mitigating Trickbot Attacks

For more technical information on Trickbot and our earlier coverage of the Trojan, click here and here.

To learn more about how to mitigate threats such as malware attacks, email spoofing, phishing, and redirection schemes, click here to read about our Digital Threat Protection Suite.


Related Posts

Meet Lucifer: A New International Trojan The cat-and-mouse game between cybercriminals and security analysts never stops. Every so often, the mouse (in this case, represented by some kind of malware) pulls out front at a pace that catches that cat (the security solution) off guard.
Blunt Phishing’s Hook with Victim Insights 2.0

Typically, anti-phishing protection is a hammer that views every malicious site as a similarly-sized nail. It discovers a phishing site, slates it for removal, and eventually removes it from the...internet so that users can’t click on or enter their credentials into it.

Leave a Reply

Your email address will not be published. Required fields are marked *