TrickBot Takes to Latin America, Continues to Expand Its Global Reach

The TrickBot Trojan, a banking malware believed to be operated by an organized cybercrime group, has been the most active financial Trojan in the wild all summer. For some perspective, while other malware operators were much less active in the summer months, TrickBot was three times more active than Dridex in terms of campaigns and code updates in Q3 and Q4 to date, according to IBM X-Force Research. It continues to expand its reach, this time setting foot in Latin America, with bank targets in Argentina, Chile, Colombia, and Peru.

At this time, the number of targets in Latin America is still small, but this strategy is typical for TrickBot’s operators, who test the waters before moving ahead to set up redirection attacks and add more banks to their target lists.

Recent configuration files analyzed by IBM X-Force Research show that TrickBot’s operators are still using redirection attacks for many of their targets. The ratio in recent campaigns, where TrickBot targeted banks in no less than 40 countries, was 60 percent web-injection attacks to 40 percent redirection attacks. Those are already active in all four countries in Latin America where TrickBot targets major banks. In the current cybercrime arena, according to X-Force research, the only other gangs to use redirection attacks are the operators of the Dridex and GootKit Trojans.  

Read on here.