ESET takes part in global operation to disrupt Trickbot


ESET researchers have participated in a global operation to disrupt the Trickbot botnet, which has infected over a million computing devices since 2016. Along with partners Microsoft, Lumen's Black Lotus Labs Threat Research, NTT and others, the operation impacted Trickbot by taking down its command and control servers.

ESET Research has been tracking Trickbot's activities since its initial detection in late 2016. In 2020 alone, ESET's botnet tracker platform analyzed more than 125,000 malicious samples and downloaded and decrypted more than 40,000 configuration files used by the different Trickbot modules, giving an excellent view of the different C&C servers used by this botnet.

“Over the years we’ve tracked it, Trickbot compromises have been reported in a steady manner, making it one of the largest and longest-lived botnets out there. Trickbot is one of the most prevalent banking malware families, and this malware strain represents a threat for internet users globally,” explains Jean-Ian Boutin, Head of Threat Research at ESET.

[Figure: Worldwide Trickbot detections by ESET telemetry between October 2019 and October 2020]

Throughout its existence, this malware has been distributed in a number of ways. Recently, a chain we observed frequently is Trickbot being dropped on systems already compromised by Emotet, another large botnet. In the past, Trickbot malware was leveraged by its operators mostly as a banking trojan, stealing credentials from online bank accounts and trying to perform fraudulent transfers.

One of the oldest plugins developed for the platform allows Trickbot to use web injects, a technique allowing the malware to dynamically change what the user of a compromised system sees when visiting specific websites. “Through our monitoring of Trickbot campaigns, we collected tens of thousands of different configuration files, allowing us to know which websites were targeted by Trickbot’s operators. The targeted URLs mostly belong to financial institutions,” adds Boutin.

“Trying to disrupt this elusive threat is very challenging as it has various fallback mechanisms, and its interconnection with other highly active cybercriminal actors in the underground makes the overall operation extremely complex,” concludes Boutin.
