An Aggressive Launch: TrickBot Trojan Rises With Redirection Attacks in the UK
IBM X-Force researchers reported that the new banking malware TrickBot is now
fully operational and able to deploy two of the most advanced browser
manipulation techniques: server-side injections and redirection attacks.
While other Trojans like GozNym
needed more time to prepare for such attack scenarios, TrickBot has been
equipped with both capabilities from day one.
The TrickBot Trojan has been in development and
testing for the past few months. It was not considered a banking Trojan per se
at first, but it became one when it implemented a web injection mechanism in
October 2016.
As of early November, X-Force researchers
following the malware’s development noted that its operators launched attacks
with two new configurations. This officially enabled redirection attacks
against four banks in the U.K. An Australia-focused configuration is primarily
concerned with server-side injections. Considering its aggressive start,
however, X-Force Research expects to see TrickBot expand its target list and
attack scope in the coming weeks.
TrickBot’s D-Day: Adding UK Banks to the Mix
During its initial testing infections, TrickBot
primarily targeted banks in Australia, along with one Canadian bank and a
regular expression (RegEx) URL for a digital banking platform common to
regional banks in the U.S.
This scope changed almost overnight when
TrickBot’s operators launched two new configurations in early November. The
malware now targets the personal and business banking websites of financial
institutions in the U.K., Australia, New Zealand, Canada and Germany.
This post was part of my work with IBM X-Force.
Read the complete post here.