Posted on October 13, 2017 at 6:34 PM
New Trickbot Spreads to Over 40 Countries
The new Trojan has the ability to drain a user’s bank account and is currently active over 40 countries.
Researchers confirmed earlier this week that a notorious computer software Trojan is currently being used to drain bank accounts across 40 different countries across the globe.
According to a security expert at IBM’s X-Force division, Lior Kessem, “Trickbot”, the malicious Trojan, was most recently encountered in South American computers, including Argentina, Chile, Colombia, and Peru.
Despite the severity of attacks, the number of attacks, at least in Latin America, remains relatively small. Despite the small numbers, IBM researchers stated that they believe these attacks to be a test run for the responsible cybercriminals. Researchers stated that the cybercriminals are likely in the process of “testing the waters” before moving on to bigger targets.
Trickbot has recently resurfaced in South America, although it has been discovered previously in Asia. In October 2016, Trickbot targeted financial institutions across Asa, Australia, the United Kingdom, Germany, and Canada.
The Trojan operates using redirection. Cybercriminals send targets spam emails which direct them to booby-trapped websites imitating legitimate banking websites. Once the targeted individuals have been redirected, they enter their banking usernames and passwords into the fake websites. This allows hackers to intercept their credentials.
IBM researchers that since October 2016, Trickbot managed to spread to over 40 different countries and language zones. So far targeted countries span over Asia, Europe, North America, South America, Australia, and New Zealand.
Kessem confirmed in a blog post, that Trickbot has evolved to such a degree that the malware has formed several alliances worldwide in the cybercriminal community. According to the blog post, Trickbot’s main targets are limited to the business banking, wealth management, and private banking sectors. Cybercriminals involved in this are clearly targeting corporate institutions hoping to tap into hefty illicit funds. Kessem stated that the group of responsible cybercriminals appear to be heavily organized and spread throughout the world. Kessem also expressed that the cybercriminals are unlikely to stop anytime soon.
A similar version of the Trojan was previously discovered. This Trojan, discovered by the security firm, Flashpoint, demonstrated worm-like features. Its design was similar to that of “WannaCry” and “NotPetya” two different ransomware malware attacks which caused a global upheaval earlier in 2017.
While Trickbot has not yet caused damage on a global scale, IBM researchers have not yet ruled it out as a global threat.
Last month IBM discovered a different botnet called “Necurs”, which was able to spread malware across the world. This malware managed to send out 40 million different emails all containing the Trickbot malware.
In addition, IBM research has also suggested that the cybercriminals responsible for Trickbot could also be experimenting with other attacks. Some attacks could include implementing the Trojan more directly into fake banking websites as well as installing malicious code to mine cryptocurrency from unsuspecting users’ machines.
The identity of the responsible hackers has not yet been found.