UPDATED 23:37 EST / MAY 01 2017


TrickBot banking virus is now targeting niche financial institutions

A trojan virus that has previously targeted banks is now expanding its reach to niche financial institutions, according to newly published research.

IBM Corp.’s X-Force security research team found in a recent analysis of the TrickBot malware that campaigns using the “infamous trojan” are now adding new redirection attacks focused on private banks, private wealth management firms, investment banking and, in one case, a retirement insurance and annuity company.

Discovered in 2016, TrickBot initially targeted large banks in Australia and the United Kingdom with a range of attack vectors that ultimately led to hackers gaining access to networks to attempt to steal funds. The people behind the development of the trojan are believed to be the same team behind an earlier form of malware called “Dyre” that ran rampant for several years until it stopped in 2015, ostensibly thanks to a raid carried out by Russian authorities.

According to X-Force Executive Security Adviser Limor Kessem, TrickBot activity has been detected ramping up in Australia, New Zealand and the U.K., with the malware growing from one to three major campaigns per month to five campaigns in April. “It is possible that TrickBot’s operators are increasing their spam runs in the target geographies and attempting to infect more endpoints before going into an attack phase next,” Kessem noted.

An analysis of TrickBot’s configuration found that a list of targets for the trojan has now expanded to more than 300 URLs, including a Sharia law-compliant bank, 20 new private banking brands in the U.K., as well as eight building societies, two Swiss banks and four investment banking firms in the U.S.

“In terms of its attack types, TrickBot is quite similar to Dyre. Its signature moves are browser manipulation techniques that enable the malware to implement server-side web injections and redirection attacks,” Kessem added.

In conclusion, Kessem predicts that TrickBot, given its current growth trajectory, is set to become one of the most prevalent financial malware families worldwide by the end of the year.
