Trickbot Targets 140,000 Victims in 14 Months
The infamous Trickbot Trojan has targeted customers of scores of big-name brands over the past year, including Amazon, PayPal and Microsoft, according to new data from Check Point.
The security vendor claimed that the malware had infected at least 140,000 victims since November 2020, with attackers being careful to target high-profile victims.
The 60 brands whose customers were targeted in this campaign also included Bank of America, American Express, and Wells Fargo.
APAC was the most affected region over the 14-month period, with an estimated 3.3% of organizations impacted. Next came Latin America (2.1%), Europe (1.9%), Africa (1.8%) and North America (1.4%).
Attacks typically begin with phishing emails that include malicious macros.
Although it began life as a banking Trojan, Trickbot steadily grew in sophistication over the years and now features 20 modules that can be executed on demand to steal data and launch additional malware.
The malware has remained stubbornly persistent by using a decentralized architecture, choosing targets selectively and deploying anti-analysis techniques.
Check Point’s research analyzed three modules: a web-inject function designed to steal banking and credential data; a tabDLL module that steals credentials to spread malware via network shares; and pwgrabc, which steals credentials from a range of apps, including the world’s most popular browsers.
“Trickbot attacks high-profile victims to steal credentials and provide its operators access to the portals with sensitive data where they can cause even more damage. At the same time, we know that the operators behind the infrastructure are very experienced with malware development at a high level,” explained Check Point cybersecurity research and innovation manager Alexander Chailytko.
“The combination of these two factors is what allows Trickbot to remain a dangerous threat for more than five years already. I strongly urge people to only open documents from trusted sources and to use different passwords on different websites.”
Check Point also urged users not to enable macros in unsolicited email attachments.