A trojan virus that has previously targeted banks is now expanding its reach to niche financial institutions, according to newly published research.

The team at IBM Corp.’s X-Force security research team found in a recent analysis of the TrickBot malware that campaigns using the “infamous trojan” are now adding new redirection attacks focused on private banks, private wealth management firms, investment banking and, in one case, a retirement insurance and annuity company.

Discovered in 2016, TrickBot initially targeted large banks in Australia and the United Kingdom with a range of attack vectors that ultimately led to hackers gaining access to networks to attempt to steal funds. The people behind the development of the trojan are believed to be the same team behind an earlier form of malware called “Drye” that ran rampant for several years until it stopped in 2015, ostensibly thanks to a raid carried out by Russian authorities.

According to X-Force Executive Security Adviser Limor Kessem, TrickBot activity has been detected ramping up in Australia, New Zealand and the U.K. ,with the malware growing from one to three major campaigns per month to five campaigns in April. “It is possible that TrickBot’s operators are increasing their spam runs in the target geographies and attempting to infect more endpoints before going into an attack phase next,” Kessem noted.

An analysis of TrickBot’s configuration found that a list of targets for the trojan has now expanded to more than 300 URLs, including a Sharia law-compliant bank, 20 new private banking brands in the U.K., as well as eight building societies, two Swiss banks and four investment banking firms in the U.S.

“In terms of its attack types, TrickBot is quite similar to Dyre. Its signature moves are browser manipulation techniques that enable the malware to implement server-side web injections and redirection attacks,” Kessem added.

In conclusion, Kessem predicts that TrickBot, given its current growth projectory, is set to become one of the most prevalent financial malware families worldwide by the end of the year.

Photo: Jorge Láscar/Wikimedia Commons