TrickBot

Pierluigi Paganini June 29, 2020
Office 365 users that are returning to the workplace targeted with Coronavirus training resources

Experts are warning of a new phishing campaign aimed at Office 365 users that are returning to the workplace with Coronavirus training resources. Threat actors continue to use Coronavirus lures adapting their technique to the current situation. The attack techniques adopted by the threat actors depends on the state of businesses in each region. In […]

Pierluigi Paganini May 02, 2020
TrickBot operators exploit COVID-19 as lures

IBM X-Force researchers spotted a new COVID-19-themed campaign spreading the infamous TrickBot trojan through fake messages. IBM X-Force researchers uncovered a new COVID-19-themed campaign that is spreading the infamous TrickBot trojan through fake messages. The spam messages pretend to be sent by the Department of Labor’s Family and Medical Leave Act (FMLA) and attempt to […]

Pierluigi Paganini April 18, 2020
Trickbot is the most prolific malware operation using COVID-19 themed lures

TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. The analysis of Microsoft Office 365 ATP data revealed that TrickBot is, at the moment, the malware operation with the highest number of unique COVID-19-themed malicious emails and attachments. Microsoft experts revealed that this campaign […]

Pierluigi Paganini March 19, 2020
Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

A new variant of the TrickBot malware is targeting telecommunications organizations in the United States and Hong Kong. Security experts from Bitdefender recently discovered a new TrickBot variant that is targeting telecommunications organizations in the United States and Hong Kong. TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously […]

Pierluigi Paganini March 19, 2020
Coronavirus news used by Emotet and Trickbot to evade detection

Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, new campaigns aim at spreading TrickBot and Emotet Trojans. Experts warn of new Coronavirus-themed attacks that are spreading TrickBot and Emotet Trojans. Operators behind these campaigns are using new Coronavirus-themed messages to attempt to bypass security software. The trend was first reported […]

Pierluigi Paganini January 09, 2020
TrickBot gangs developed the PowerTrick backdoor for high-value targets

Researchers at SentinelLabs reported that TrickBot operators used a new PowerShell backdoor in recent attacks aimed at high-value targets. SentinelLabs experts discovered a new PowerShell backdoor used by TrickBot operators in recent attacks aimed at Powershell high-value targets, such as financial institutions. TrickBot is a popular banking Trojan that has been around since October 2016, its […]

Pierluigi Paganini September 11, 2019
Dissecting the 10k Lines of the new TrickBot Dropper

Malware researchers at Yoroi-Cybaze analyzed the TrickBot dropper, a threat that has infected victims since 2016. Introduction TrickBot it is one of the best known Banking Trojan which has been infecting victims since 2016, it is considered a cyber-crime tool. But nowadays defining it a “Banking Trojan” is quite reductive: during the last years its modularity brought […]

Pierluigi Paganini August 29, 2019
A new variant of Trickbot banking Trojan targets Verizon, T-Mobile, and Sprint users

A new Trickbot Trojan variant is targeting Verizon Wireless, T-Mobile, and Sprint users, confirming the evolution of the threat. TrickBot is a popular banking Trojan that has been around since October 2016, its authors has continuously upgraded it by implementing new features. For example, in February Trend Micro detected a variant that includes a new module […]

Pierluigi Paganini January 14, 2019
Which is the link between Ryuk ransomware and TrickBot?

FireEye and CrowdStrike discovered that threat actors behind the Ryuk ransomware are working with another cybercrime gang to gain access to target networks. In August 2018, security experts from Check Point uncovered a ransomware-based campaign aimed at organizations around the world conducted by North Korea-linked threat actor. This is the first time that a security firm […]

Pierluigi Paganini July 05, 2018
New Smoke Loader campaign aims at stealing multiple credentials from many applications

Recently experts from Talos security spotted a malware campaign leveraging Smoke Loader to steal credentials from a broad range of applications. Security experts have discovered a new malware campaign leveraging Smoke Loader to steal credentials from web browsers, email clients, and other popular applications. The attack chain starts with messages using a weaponized Word document […]