TrickBot Spreads to the Nordics, Launches Redirection Attacks in France
This post was co-authored with IBM X-Force's Matan Meir.
---
IBM
X-Force Research detected a new wave of TrickBot attacks targeting banks in
Nordic countries. The malware expanded its configurations to launch fraud
attacks against banks in Sweden, Finland, Norway, Denmark and Iceland, among
the other geographies it targets.
Moreover,
the malware, which has been testing redirection attacks on one bank in France,
now targets 28 brands in the country, focusing on corporate, investment and
private banking firms.
TrickBot Takes Aim at New Targets
The
TrickBot banking Trojan’s operators have been working hard this year, employing
sophisticated redirection attacks against banks across the globe. IBM X-Force
data revealed that they also doubled their activity between the first two
quarters of 2017, modifying the code to evade detection and launching infection
campaigns in different parts of the world.
Aside
from the Nordics and France, TrickBot configurations target banks in 24
countries, including:
- U.K. (36 percent);
- France (10 percent);
- Sweden (9 percent);
- Switzerland (6 percent);
- U.S. (6 percent);
- Finland (6 percent);
- Norway (5 percent);
- Canada (4 percent);
- Australia (4 percent);
- Ireland (2 percent);
- Denmark (1 percent);
- Singapore (1 percent);
- Germany (1 percent);
- Lebanon (1 percent);
- Luxembourg (1 percent);
- Austria (1 percent);
- Belgium (1 percent);
- Lithuania (1 percent); and
- Hong Kong, Bulgaria, Spain, Israel, Iceland and Tahiti (under 1 percent)
Keep in
mind, these numbers are for the current campaigns and will change over time.
Configuration files are moving parts of any banking Trojan and can be modified
rather frequently. TrickBot possesses a dedicated configuration to target banks
in Australia, Canada, Germany and the U.S., to name a few.
Read more of this post here.
Comments
Post a Comment