LTS Secure Warning: Outbreak Of Banking Trojan a.k.a TrickBot

We all know how serious a threat Emotet posed to businesses and banks around the world, but there is now a newer, highly sophisticated banking Trojan attempting to dethrone it, dubbed TrickBot.

Some of its capabilities include:

  • Stealing Credentials
  • Harvesting emails
  • Stealing from Bitcoin wallets

Its operators add new features and capabilities on a regular basis to further increase its impact on targeted devices.


Technical Details

The attackers spread TrickBot through spam email campaigns. The email is crafted to look like a tax incentive notification from a financial institution, so that the recipient is lured into opening the attachment. Opening it executes an embedded script (typically an Office macro), which connects to a remote server from which the trojan is downloaded, dropped and executed on the victim's device.
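The infection chain above (Office document opens, an embedded script runs, the script reaches out to a remote server, a new executable is dropped and launched) is exactly the sequence an endpoint detection rule can key on. The following is an added example written for this page, not code from LTS Secure or from TrickBot: it correlates constructed Sysmon-style events (event ID 1 = process create, 3 = network connection, 11 = file create) and flags an Office application whose script-host child made a network connection and then wrote and executed a new binary. The hostnames, PIDs, paths and the 203.0.113.10 address are constructed sample data.

```python
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe"}

# Constructed Sysmon-style events for illustration; this is not real telemetry.
# event_id 1 = process create, 3 = network connection, 11 = file create.
SAMPLE_EVENTS = [
    {"event_id": 1, "host": "WS01", "pid": 1200, "ppid": 800,
     "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"},
    {"event_id": 1, "host": "WS01", "pid": 1300, "ppid": 1200,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
    {"event_id": 3, "host": "WS01", "pid": 1300, "dest": "203.0.113.10:443"},
    {"event_id": 11, "host": "WS01", "pid": 1300,
     "target": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe"},
    {"event_id": 1, "host": "WS01", "pid": 1400, "ppid": 1300,
     "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe"},
    # Benign: Excel launches a script host that never touches the network.
    {"event_id": 1, "host": "WS02", "pid": 2000, "ppid": 800,
     "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"},
    {"event_id": 1, "host": "WS02", "pid": 2100, "ppid": 2000,
     "image": "C:\\Windows\\System32\\cmd.exe"},
    # Benign: admin PowerShell started from explorer.exe with network activity.
    {"event_id": 1, "host": "WS02", "pid": 2200, "ppid": 800,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
    {"event_id": 3, "host": "WS02", "pid": 2200, "dest": "10.0.0.5:5985"},
]


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_macro_dropper_chain(events):
    """Return one finding per Office process whose script-host child connected
    out to the network; the finding records any executables that child wrote
    and whether any of them were subsequently executed."""
    procs = {}                    # (host, pid) -> process-create event
    children = defaultdict(list)  # (host, ppid) -> [(host, pid), ...]
    connected = set()             # (host, pid) that made an outbound connection
    written = defaultdict(list)   # (host, pid) -> files it created

    for e in events:
        key = (e["host"], e["pid"])
        if e["event_id"] == 1:
            procs[key] = e
            children[(e["host"], e["ppid"])].append(key)
        elif e["event_id"] == 3:
            connected.add(key)
        elif e["event_id"] == 11:
            written[key].append(e["target"])

    findings = []
    for key, office in procs.items():
        if basename(office["image"]) not in OFFICE_APPS:
            continue
        for child in children[key]:
            script = procs[child]
            # Stage 1+2: Office spawned a script host that talked to a remote server.
            if basename(script["image"]) not in SCRIPT_HOSTS or child not in connected:
                continue
            # Stage 3+4: the script host dropped a PE and something launched it.
            dropped = [p for p in written[child] if p.lower().endswith(".exe")]
            executed = [procs[g]["image"] for g in children[child]
                        if procs[g]["image"] in dropped]
            findings.append({
                "host": key[0],
                "office_pid": key[1],
                "script_pid": child[1],
                "dropped": dropped,
                "executed": executed,
                "severity": "high" if executed else "medium",
            })
    return findings


if __name__ == "__main__":
    for finding in detect_macro_dropper_chain(SAMPLE_EVENTS):
        print(finding)
```

The rule deliberately requires the network connection before it fires, so an Office add-in that legitimately shells out but stays offline (the WS02 Excel case) does not alert, while a PowerShell session started by a user from Explorer is never considered at all because its parent is not an Office application. In production the same logic would be expressed as a correlation rule in the SIEM or EDR, keyed on parent image, child image and network/file events within a short time window.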


Impact

  • Gathers and sends detailed information about the infected device and its network to the attacker.
  • Steals sensitive/confidential information such as banking-site login credentials, cookies, etc. by manipulating web-browsing sessions.
  • Spreads across the company network, infecting further devices.
  • Causes further damage by downloading additional malicious payloads such as Remote Access Tools, ransomware and VNC clients.


Recommended Actions

  • Make sure your systems have Microsoft's MS17-010 patch installed (the SMBv1 vulnerability it fixes is what the trojan exploits to spread across the network).
  • Change all local system and server passwords on a regular basis.
  • Never download suspicious attachments or click on shady-looking links, and make the effort to educate your users on how to identify spam email.
  • Do not open advertisement pages shown on websites unless you know they are genuine.
  • Disable macros in Microsoft Office, or at least block macros in documents received from the internet.
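Since the campaign relies on a macro-bearing attachment, the "do not open suspicious attachments" and "disable macros" advice can also be enforced at the mail gateway rather than left to the user. The following is an added example written for this page, not code from LTS Secure: a small triage function that inspects an attachment's content (not just its extension, which the sender controls) and blocks modern Office files that carry a `vbaProject.bin` VBA container, quarantines legacy binary Office/OLE files for deeper inspection, and blocks bare script attachments. The `build_ooxml` helper and its contents are constructed test fixtures, not real documents.

```python
import io
import zipfile

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy .doc/.xls compound file header
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx/.docm/...) is a zip
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd", ".lnk"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}


def triage_attachment(filename, data):
    """Return a verdict string for one attachment: 'allow', 'block: ...' or 'quarantine: ...'.
    The decision is driven by the file content; the extension is only a secondary signal."""
    name = filename.lower()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""

    if ext in SCRIPT_EXTS:
        return "block: script attachment"

    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                members = {m.lower() for m in z.namelist()}
        except zipfile.BadZipFile:
            return "block: corrupt zip container"
        # OOXML stores VBA code in a vbaProject.bin part; a .docx renamed from .docm still has it.
        if any(m.endswith("vbaproject.bin") for m in members):
            return "block: Office document with embedded VBA macros"
        if ext in MACRO_EXTS:
            return "quarantine: macro-enabled extension without a VBA part"
        return "allow"

    if data.startswith(OLE_MAGIC):
        # Legacy binary Office files need a real OLE parser (e.g. olevba from oletools)
        # to see whether a macro stream exists, so hold them rather than guess.
        return "quarantine: legacy binary Office/OLE file, inspect for macros before release"

    return "allow"


def build_ooxml(with_macro):
    """Constructed minimal OOXML fixture for testing; not a real Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes, not real VBA
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "Tax_Incentive_Notice.doc": build_ooxml(True),     # macro document with a misleading extension
        "invoice.docx": build_ooxml(False),
        "statement.doc": OLE_MAGIC + b"\x00" * 504,
        "invoice.pdf.js": b"var x = 1;",
    }
    for fname, blob in samples.items():
        print(f"{fname}: {triage_attachment(fname, blob)}")
```

The deliberate gap is the legacy OLE case: without parsing the compound-file directory you cannot tell whether a macro stream exists, so the function quarantines those files instead of allowing them through on a guess. Extending the check with an OLE parser such as olevba, and adding the "block macros from the internet" Office policy on the endpoints, closes the remaining path.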