The Trickbot banking Trojan has received an August 2018 update which adds a new code injection module. The infamous malware has remained active over the years as one of the most prominent Trojans used for financial crimes. The newly added component reveals that its development has not stalled and that we can anticipate further updates as well.
The August 2018 Trickbot Banking Trojan Distribution Methods Remain the Same
The Trickbot banking Trojan in it’s August 2018 release is being distributed using infected payloads. The main method used by the majority of attackers appear to be email phishing messages that either include the malware files as attachments or linked in the body contents. The emails are designed to appear as being sent by a well-known Internet company or service. The payloads are usually documents (rich text documents, spreadsheets, presentations or databases) that make use of malicious macros. Once they are opened a notification prompt will appear asking the users to enable the scripts. When this is done the infection will follow.
Other techniques that can be used to spread such threats include the following:
- File Sharing Networks — A large percentage of virus infections (including Trickbot banking Trojan) can be caused by downloading files from file sharing networks such as BitTorrent. They are well-known for spreading pirate and illegal content.
- Fake Download Sites — The criminals can create malicious sites that utilize the design elements of well-known Internet portals or vendor download sites.
- Browser Hijackers — Malicious users can embed the virus code into plugins made for the most popular web browsers. They are usually uploaded to the relevant repositories by using fake user reviews and an elaborate description. Such techniques coerce the users into installing the plugins by promising them newly added functionality or other extras that are not available. (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/trickbot-banking-trojan-august-2018-updated-stealth-code-injection/