TrickBot Spruces Up Its Banking Trojan Module
#1
Information 
Quote:The TrickBot trojan is adding man-in-the-browser (MitB) capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said — potentially signaling a coming onslaught of fraud attacks.
 
TrickBot is a sophisticated modular threat known for stealing credentials and delivering a range of follow-on ransomware and other malware. But it started out as a pure-play banking trojan, harvesting online banking credentials by redirecting unsuspecting users to malicious copycat websites.
 
According to researchers at Kryptos Logic Threat Intelligence, this functionality is carried out by TrickBot’s webinject module. When victim attempts to visit a target URL (like a banking site), the TrickBot webinject package performs either a static or dynamic web injection to achieve its goal, as researchers explained:
 
“The static inject type causes the victim to be redirected to an attacker-controlled replica of the intended destination site, where credentials can then be harvested,” they said, in a Thursday posting. “The dynamic inject type transparently forwards the server response to the TrickBot command-and-control server (C2), where the source is then modified to contain malicious components before being returned to the victim as though it came from the legitimate site.”

In the updated version of the module, TrickBot has added support for “Zeus-style webinject configs,” according to Kryptos Logic – an additional way to dynamically inject malicious code into target banking-site destinations.

Read more: TrickBot Spruces Up Its Banking Trojan Module | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
jasonX's profile jasonX
Administrator

>