TrickBot Malware Improves Again, Finds New Distribution Channels

Published: January 11, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



Since TrickBot opened its doors five years ago as a credential-stealing banking trojan, it’s made quite a name for itself. But what that name means depends on who’s being asked. Cybercriminals appreciate TrickBot for its stealth in effective email phishing campaigns, its steady stream of new capabilities, and the profit it rakes in from attacks. Cybersecurity pros and everyday users, on the other hand, dislike TrickBot for those very same reasons, perhaps most of all for being the gateway for ransomware attacks. And now it’s back again, with added improvements and new distribution channels for its gang of thieves.


So far, over one million devices have been infected by the TrickBot botnet, which famously distributes info-stealers and ransomware among other types of malware. IBM X-Force finds that TrickBot’s gang of cybercriminals is now supporting other threat actors as an additional way to increase attacks. These new groups are spreading malware with the help of TrickBot, creating more profit for the botnet’s crew and their new distribution partners alike.



An Effort To Take Down TrickBot


Recently, a coordinated effort to take down TrickBot’s infrastructure was announced by law enforcement and others, including Symantec, the Microsoft Defender team, ESET, and more. The goal of all involved was to destroy the infrastructure behind TrickBot’s command and control (C&C) operations. Although the overall effort came up short, TrickBot’s operators had prepared for it, bringing new C&C servers online so they could resume operations in case the takedown succeeded.


The takedown attempt led to several upgrades by TrickBot’s operators, making the malware more effective and harder to stop. The improvements include an update to the VNC (Virtual Network Computing) module used for remote access to infected systems. Another is a web-inject improvement that lets TrickBot spread even more easily, extending the damage done to the victim.



Email Phishing Red Flags

Since TrickBot is notorious for using phishing emails to enter a system, a closer look at email red flags and user safety can help stop a malware infection before it starts.

  • Think before you click. Phishing emails often carry malware attachments and malicious links in the message, and acting on them can be the first step to installing malware on a device.

  • Be aware of bad spelling or grammar in an email. A legitimate email shouldn’t have typos or bad grammar.

  • Look out for any sense of urgency in an email. Hackers like to push us into acting quickly before there’s time to verify that the email is legitimate. Nothing that arrives in email is so important that you can’t take a minute to verify it.

  • Keep all system software updated, especially anti-virus software. Updates contain fixes for security flaws that can leave a system open to attack.

  • Use a good dose of common sense. If for any reason you feel an email isn’t quite right, don’t act on it. Always verify an email request with the sender, but don’t use the contact information in the email, as it could be a hacker setup. Instead, go to the true website the email claims to be from and verify it there.

