TrickBot malware is Trojan-type malware to steal sensitive data by using spam emails and also distributed by using Adobe Flash Player updates. The malware was first discovered in 2016 through various financial institutions and banks. Later in 2017, TrickBot started targeting crytowallers and it can also spread itself and infect as many computers as possible like a “zombie”.
Once the malware hijacks the web browsers, it modifies the entered logins and passwords and sends them to a remote server which is controlled by hackers. Hence, it causes lots of significant issues regarding user’s privacy and it leads to financial loss for banks and financial institutions. The updated TrickBot malware are capable of locking victim’s from their computer screen and the attackers demand ransom to get access to their computer again. The virus is capable of hijacking various applications and stealing saved passwords and other information types.
Furthermore, the virus is also capable of stealing web browser cookies to create a better profile of each victim to attack in a better way. The new version of the malware allows to steal PIN codes from people who use services of Verizon Wireless, T-Mobile, and Sprint, which allows the attacker to control the victim’s phone numbers. The main motive of the TrickBot malware is to generate revenue by stealing users’ sensitive data and locking them out from their personal computers. There are other ransomware similarities with TrickBot such as Adwind, Pond, Formbook and a number of other Trojans. They all have the same purpose which is to steal sensitive data with different working techniques.
On March 25, 2020, TrickBot Trojan has recently released a malicious Android application allowing attackers to bypass two-factor authentication (2FA). The applications enable the attackers to perform fraudulent transactions which may lead to huge financial losses.
The attack vectors for the TrickBot are spam emails and fake Adobe Flash Player updaters. The Spam emails contain malicious attachments and once the user clicks on the malicious attachment, the malicious code immediately executes and infects the system. According to new data from Microsoft, TrickBot malware has been linked to more COVID-19 phishing emails than any other. On April 17, 2020, Microsoft posted that, “based on Office 365 ATP data, Trickbot is the most prolific malware operation using COVID-19 themed lures. This week’s campaign uses several hundreds of unique macro-laced document attachments in emails that pose as messages from a non-profit offering free COVID-19 test” in Twitter.
Therefore, TrickBot malware should be eliminated immediately to stop infecting other systems. TrickBot is difficult to detect and it is capable of disabling Windows Defender as well. To detect and eliminate TrickBot, there are many legitimate anti-virus to install and scan. For Mac users, you can download Combo Cleaner for Mac and for premium, you can pay $60 for a six months license. Window users can simply follow the steps from this video for Window 7 and click this video for Window 8. In addition, users should be careful about what they are clicking on the internet and in emails. Any suspicious emails should be reported and deleted, and made sure to cross-check before clicking on the link sent by your company. Always making sure to update software and systems, and to run anti-virus periodically.