TrickBot is a modular banking trojan that targets sensitive information and acts as a dropper for other malware. Since June 2019, the MS-ISAC is observing an increasingly close relationship between initial TrickBot infections and eventual Ryuk ransomware attacks. The malware authors are continuously releasing new modules and versions of TrickBot to expand and refine its capabilities. TrickBot uses man-in-the-browser attacks to steal financial information, such as login credentials for online banking sessions. Additionally, some of TrickBot’s modules abuse the Server Message Block (SMB) Protocol to spread the malware laterally across a network.
Security Primer – TrickBot
