Understanding TrickBot

Malware authors go to great lengths to circumvent modern antivirus products by continually updating their malware, so experts were not surprised when they found Trickbot. The malicious program appeared a year and a half ago and continues to evolve.

What is Trickbot?

Trojan:Win32/Trickbot is one of the most threatening computer viruses and has affected millions of computer systems around the world. It can easily infect all versions of the Windows operating system, such as Windows XP, Windows 7, Windows 8, Windows 8.1, and the latest version of Windows 10. Trickbot invades the operating system using a freeware package. The virus instantly spreads from one PC to another through file sharing, using spam removal devices. One CISO (chief information security officer) noticed the threat only when it had encrypted all the computers on the company’s network.

What’s new in Trickbot?

The trojan consists of modules that are regularly updated, and some of them are already known. Trend Micro’s researchers have identified a new password-grabbing module (pwgrab32). It actively collects passwords from email accounts and passwords stored in the caches of web browsers. The information obtained is probably intended to be used for sending phishing emails or emails containing malicious attachments.

Infections with the new version of Trickbot carrying the PasswordGrabber module have already been seen, and most of the affected systems are in the U.S., Canada and the Philippines. Trickbot is assumed to be continuing to grow as a banking Trojan, focusing on financial institutions around the world.