Cybersecurity professionals have to deal with the increasing threat of Trickbot malware.
The malware uses phishing attacks and web injections to target 60 large tech companies’ customers by accessing their personal information and login credentials.
Like other simple malware such as Dridex, Agent Tesla, DanaBot, and Zeus, Trickbot started as a non-threatening banking trojan.
A major police operation and the 2016 elimination of the Dyre botnet brought the malware far more attention.
The international operation led by Europol and the FBI took down the infrastructure supporting the Emotet botnet.
The malware is prevalent among criminals because it can tailor its attacks. Trickbot also can perform many different attacks due to its modular nature.
A recent Check Point Research study shows that many hackers use Trickbot to target organizations. The study indicated how the malware had become an issue for 60 large corporations, most based in the United States.
The malware’s operators do not intend to attack the company directly. Instead, they use Trickbot to leverage the reputations and names of the brands.
Among the brands that Trickbot is targeting, according to the study, are Wells Fargo, Bank of America, Amazon, PayPal, and American Express. Others include RobinHood, Blockchain.com, and the Navy Federal Credit Union.
The firms that the study concluded Trickbot attacks belong to the cryptocurrency, financial, and technology industries.
Though Trickbot can use up to 20 modules, the study singled out three that it paid attention to over the rest.
The three modules caused some of the most straightforward issues to the PCs and affected how the users operated their systems.
These three modules are:
The study provided technical details on these three modules and on the measures they take to prevent analysis and reverse engineering.
The first module, injectDll, has web injection features that affect a user's browser session.
The injection places JavaScript code into the browser to capture banking data and steal account credentials.
The thieves do this by redirecting users to a counterfeit page that the users believe one of the large corporations owns.
To prevent detection, the format for injection uses an obfuscated payload.
The second module, TabDLL, has five different steps for stealing a victim’s information:
The module also employs EternalRomance to exploit and spread the malware across SMBv1 networks.
The pwgrabc is another module that affects how the malware spreads.
The module steals victims’ credentials from the specific applications that store them, such as Chrome, Firefox, and Internet Explorer.
Login credentials are the most common information this module steals, ensuring the bot can spread without restrictions.
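A defender-side illustration of the credential-store access described above, added here as an example (not code from the study or from the original article): it flags processes other than the browser itself that open Chrome or Firefox credential files. The event format, sample lines and function names are constructed assumptions; the store paths are the browsers' default locations.

```python
import re
from collections import defaultdict

# Default credential-store locations, matched by path suffix.
CREDENTIAL_STORES = {
    "chrome": re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$", re.I),
    "firefox": re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I),
}
# Processes expected to open each store; any other reader is flagged.
EXPECTED_READERS = {"chrome": {"chrome.exe"}, "firefox": {"firefox.exe"}}

# Constructed sample events in a hypothetical "time|pid|process image|file opened" format.
SAMPLE_EVENTS = r"""
10:01:02|4120|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\amy\AppData\Local\Google\Chrome\User Data\Default\Login Data
10:01:09|5312|C:\Program Files\Mozilla Firefox\firefox.exe|C:\Users\amy\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd.default\logins.json
10:07:41|7788|C:\Windows\System32\svchost.exe|C:\Users\amy\AppData\Local\Google\Chrome\User Data\Default\Login Data
10:07:41|7788|C:\Windows\System32\svchost.exe|C:\Users\amy\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd.default\key4.db
10:09:15|2210|C:\Windows\explorer.exe|C:\Users\amy\Documents\report.docx
malformed line without separators
"""

def classify(path):
    """Return the browser whose credential store this path is, or None."""
    for browser, pattern in CREDENTIAL_STORES.items():
        if pattern.search(path):
            return browser
    return None

def find_suspicious_reads(log_text):
    """Map (pid, image) -> browsers whose stores a non-browser process opened."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 4:
            continue  # skip blank or malformed records
        _, pid, image, target = parts
        browser = classify(target)
        exe = image.rsplit("\\", 1)[-1].lower()
        if browser and exe not in EXPECTED_READERS[browser]:
            hits[(int(pid), image)].add(browser)
    return dict(hits)

def multi_store_readers(hits):
    """Images that opened more than one browser's store, the credential-grabber pattern."""
    return sorted(image for (_, image), browsers in hits.items() if len(browsers) > 1)
```

Matching on the executable name alone is a simplification; a production rule would also check the image's full path and signature, since a process can be named after a browser.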
The dangers of Trickbot are apparent, and researchers have stated they will continue to monitor how it affects users.
Researchers opine that although Trickbot’s effect is still under investigation, the work that went into creating it will not go to waste.
They argue that the skill and technology can be applied in the future if the bot can be put to better use.
An IBM research study shows that new variants of the Trickbot malware affect computers.
The variants contain specific features that block the researchers as they aim to use reverse engineering to analyze the malware.
Trickbot is most likely to enter into a loop in the code beautification process. Beautification of the code involves cleaning it up for easier readability and analysis.
The post Attacks against Customers of Top Brands Bank of America and Wells Fargo by Trickbot appeared first on Hacker Combat.