Banking Trojan Trickbot Expands Even Further, Reaches Latin America and Adds Targets in Europe


The Easy Solutions Security Operations Center has encountered a new variant of the ongoing Trickbot campaign. This variant appears to be adding new countries and banks to its target list.

Previously, the malware’s main targets were in the US, Canada, the UK, Spain, France, Finland, Sweden, Norway, Singapore, and Australia.

In its latest configuration (Version 1000044), we have observed a total of 346 URLs - a significant increase from the previously reported 200. This gives us proof that Trickbot has expanded to almost all of Europe, as well as a few Latin American countries. The new list of targets includes organizations from the following countries:

  •    Ireland
  •    Romania
  •    Italy
  •    Luxembourg
  •    Slovakia
  •    Belgium
  •    Germany
  •    Turkey
  •    Portugal
  •    Colombia
  •    Mexico
  •    Chile

The Trickbot code is now configured to attack the local URLs of almost all the major global banks in each country on the list. The downloaded Trickbot variant has the group tag “kas5”. The decrypted configuration files contain a list of targets already seen in previous campaigns, in addition to many financial institutions new to the list.

Trickbot remains a highly active malware, with updated configurations being released on a daily basis. The creators of Trickbot are adding new targets for the static injection, which continues to be a very dangerous threat: it redirects users to fake sites while showing the correct URL and the correct SSL certificate.

Mitigating Trickbot Attacks

For more technical information on Trickbot and our earlier coverage of the Trojan, click here and here.

To learn more about how to mitigate threats such as malware attacks, email spoofing, phishing, and redirection schemes, click here to read about our Digital Threat Protection Suite.

