Save YOUR Business from Losing Market Share & Customer Trust in the Wake of Data Breach!
While businesses are increasingly aware of the many dangers that cyber-attacks can present to their company, it seems that they still aren’t entirely...
3 min read
Lance Stone : Mar 18, 2019 1:57:00 PM
TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.
TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.
The Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a security primer on TrickBot. Originally developed in 2016 as a Windows-based banking Trojan, TrickBot has recently advanced its capabilities.
TrickBot is a modular banking trojan that targets user financial information and acts as a vehicle for other malware. It uses Man-in-the-Browser attacks to steal financial information such as login credentials for online banking sessions. (The majority of financial institutions consider Man In The Browser attacks as the greatest threat to online banking.)
Malware developers are continuously releasing new modules and versions of TrickBot— And they’ve done this once again.
TrickBot is disseminated via malspam campaigns. Malspam is a combination of malware and spam. It’s usually delivered through phishing or spear-phishing emails. Its goal is to exploit computers for financial gain.
These malspam campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment.
TrickBot is also dropped as a secondary payload by other malware such as Emotet. Some of TrickBot’s modules abuse the Server Message Block (SMB) Protocol to spread the malware laterally across a network. (SMB is an application-layer network protocol that facilitates network communication while providing shared access to client files, printers and serial ports.)
The developers behind TrickBot have continue to add more features via modules to this potent trojan virus. It can download new modules that allow it to evolve if left unchecked.
The malspam campaigns that deliver TrickBot use third-party branding looks familiar to you and your staff such as invoices from accounting and financial firms. The emails typically include an attachment, such as a Microsoft Word or Excel document. If you open the attachment, it will execute and run a script to download the TrickBot malware.
And, TrickBot is really tricky. It runs checks to ensure that it isn’t put in a sandboxed (quarantined) environment. Then it attempts to disable your antivirus programs like Microsoft’s Windows Defender.
And even worse, TrickBot redeploys itself in the “%AppData%” folder and creates a scheduled task that provides persistence. Persistence is the continuance of the effect after its cause is removed. So, even after you remove TrickBot, it can still create problems.
TrickBot’s modules steal banking information, perform system/network reconnaissance, harvest credentials and can propagate throughout your network.
TrickBot:
In November 2018, a module was developed and added that gave TrickBot the ability to steal credentials from popular applications such as Filezilla, Microsoft Outlook, and WinSCP.
In January 2019, three new applications were targeted for credential grabbing: VNC, Putty, and RDP.
In addition, it can also steal credentials and artifacts from multiple web browsers (Google Chrome/Mozilla Firefox/Internet Explorer/Microsoft Edge) including your browsing history, cookies, autofills, and HTTP Posts.
We recommend that you contact us and arrange for the following to protect against the TrickBot malware:
Don’t let TrickBot use its tricks to steal your confidential data. Contact us for comprehensive IT Security Analysis and Remediation to keep TrickBot out of your network.
While businesses are increasingly aware of the many dangers that cyber-attacks can present to their company, it seems that they still aren’t entirely...
Who Has Been Impacted by Chinese Cyber Attacks?
1 min read
When people go to their doctors, they assume their information is protected. They freely and willingly provide personal information, like social...
On Time Tech is an IT Support and Computer Services company serving California. We provide services to the areas in and around We know businesses like yours need technology support in order to run highly-effective organizations. Leverage pro-growth technology services for your company now.
San Francisco:
182 Howard St.
Suite 108
San Francisco, CA 94105
Business Hours:
M-F: 8AM-9PM
© 2024 On Time Tech