TrickBot banking virus is now targeting niche financial institutions
A trojan virus that has previously targeted banks is now expanding its reach to niche financial institutions, according to newly published research.
The team at IBM Corp.’s X-Force security research team found in a recent analysis of the TrickBot malware that campaigns using the “infamous trojan” are now adding new redirection attacks focused on private banks, private wealth management firms, investment banking and, in one case, a retirement insurance and annuity company.
Discovered in 2016, TrickBot initially targeted large banks in Australia and the United Kingdom with a range of attack vectors that ultimately led to hackers gaining access to networks to attempt to steal funds. The people behind the development of the trojan are believed to be the same team behind an earlier form of malware called “Drye” that ran rampant for several years until it stopped in 2015, ostensibly thanks to a raid carried out by Russian authorities.
According to X-Force Executive Security Adviser Limor Kessem, TrickBot activity has been detected ramping up in Australia, New Zealand and the U.K. ,with the malware growing from one to three major campaigns per month to five campaigns in April. “It is possible that TrickBot’s operators are increasing their spam runs in the target geographies and attempting to infect more endpoints before going into an attack phase next,” Kessem noted.
An analysis of TrickBot’s configuration found that a list of targets for the trojan has now expanded to more than 300 URLs, including a Sharia law-compliant bank, 20 new private banking brands in the U.K., as well as eight building societies, two Swiss banks and four investment banking firms in the U.S.
“In terms of its attack types, TrickBot is quite similar to Dyre. Its signature moves are browser manipulation techniques that enable the malware to implement server-side web injections and redirection attacks,” Kessem added.
In conclusion, Kessem predicts that TrickBot, given its current growth projectory, is set to become one of the most prevalent financial malware families worldwide by the end of the year.
Photo: Jorge Láscar/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU