Banking Trojan Trickbot Expands Even Further, Reaches Latin America and Adds Targets in Europe

Share Button

The Easy Solutions Security Operations Center has encountered a new variant of the ongoing Trickbot campaign. This variant appears to be adding new countries and banks to its target list.

Previously, the malware’s main targets were in the US, Canada, the UK, Spain, France, Finland, Sweden, Norway, Singapore, and Australia.

In its latest configuration (Version 1000044), we have observed a total of 346 URLs - a significant increase from the previously reported 200. This gives us proof that Trickbot has expanded to almost all of Europe, as well as a few Latin American countries. The new list of targets includes organizations from the following countries:

  •    Ireland
  •    Romania
  •    Italy
  •    Luxembourg
  •    Slovakia
  •    Belgium
  •    Germany
  •    Turkey
  •    Portugal
  •    Colombia
  •    Mexico
  •    Chile

The Trickbot code is now configured to attack the local URLs of almost all the major global banks in each country on the list. The downloaded Trickbot variant has the group tag “kas5”. The decrypted configuration files contain a list of targets already seen in previous campaigns, in addition to many financial institutions new to the list.

Trickbot remains a highly active malware with updated configuration being released on daily basis. The creators of TrickBot are adding new targets for the static injection, which continues to be a very dangerous threat, redirecting users to fake sites while showing the correct URL and the correct SSL certificate.

Mitigating Trickbot Attacks

For more technical information on Trickbot and our earlier coverage of the Trojan, click here and here.

To learn more about how to mitigate threats such as malware attacks, email spoofing, phishing, and redirection schemes, click here to read about our Digital Threat Protection Suite.


Related Posts

Fraud in the Time of Coronavirus As the world grapples with the Coronavirus pandemic, self-isolation and stay-at-home-orders have increasingly become the norm.
Coronavirus and Cyberattacks: Tips to Keep your Customers Secure Fraud attacks are now on the rise, with malicious actors launching targeted phishing and malware attacks, capitalizing on the Coronavirus pandemic. Having a strong cybersecurity strategy in place has never been more critical.  

Leave a Reply

Your email address will not be published. Required fields are marked *