TrickBot is one of the more prominent types of malware. It started out in 2016 as a banking trojan. It captured banking credentials and passed them to criminals. The dangerous malware type has since evolved. Here are four reasons why TrickBot should be on your radar.

1. TrickBot has multiple uses

Stealing your online bank login credentials not bad enough? Wait, there’s more! TrickBot can also spy on other information to gain access to email accounts, system and network information, tax information and so on.

TrickBot can start spreading spam emails. This way it can spread itself to other victims. It is believed to have compromised at least 250 million email accounts. It can also install a backdoor to your system so that it can be accessed remotely and used as a part of a botnet.

TrickBot is at the moment mainly a threat to corporate networks. However, it has been used to target consumer networks as well. When targeting businesses, TrickBot’s information stealing capabilities are especially dangerous and profitable.

2. It downloads other malware

Knock knock. Who’s there? More malware. TrickBot is a trojan. It gets on your computer disguised as something harmless. Typically this means an email attachment, like a PDF document. Once it’s inside a system, it will most likely download other malware.

For example, it often downloads Ryuk ransomware after infection. TrickBot scans networks to identify targets for ransomware attacks. Ryuk ransomware activates itself after enough information has been gathered and enough computers have been infected.

TrickBot also often comes hand in hand with another malware called Emotet. When infecting a computer, they often download one another. This increases the damage and spreads both pieces of malware (and the aforementioned Ryuk) even further.

3. The malware can be modified for new purposes

Notice that we’ve mentioned that TrickBot can do and can be different things? That’s because it’s a modular malware, meaning that not all infections are the same. Depending on the version used by the attacker, it can include different kinds of functions. These versions can also update themselves and download other features.

This is one of the reasons it is so popular among cyber criminals. They can customize it and develop it further to make it more effective and profitable. TrickBot has already evolved and changed from its original form. It will most likely continue to do so. What it is today is not what it will be later. And that brings us to the last reason.

4. TrickBot isn’t going anywhere

Unfortunately, TrickBot isn’t going anywhere anytime soon. Its many functions and capability to be further developed make it a popular and profitable tool for cyber criminals.

According to F-Secure’s researcher Bert Steppé: “The future of TrickBot is malware-as-a-service: providing some kind of framework for other threat actors, so that they can access the victim’s system or install other modules from other threat actors.”

This means that, in addition to other possible new features, the ever-evolving threat will likely bring even more malware with it in the future. Access to the networks of devices infected by TrickBot can be sold or rented to other cyber criminals for their own purposes.


Luciano Mondragon

20.11.19

