There are so many different types of malware that keeping up with them is not an easy task. Knowing them all is not only difficult but also not very relevant, as long as your security software is doing its job well. More and more malware is being developed, and most of it never becomes a huge global threat or makes headlines.

That being said, some types of malware raise more interest and concern due to their popularity among cyber criminals, the damage they do and other factors. And when you know the risks, you might want to be better prepared for them.

One of these more prominent types of malware is called TrickBot. It started out in 2016 as a banking trojan and it was used to capture banking credentials and eventually make a profit. It has since become a lot more than that. Here are four reasons why TrickBot should be on your radar.


1. TrickBot can be used in multiple ways

Stealing your online bank login credentials not bad enough? Wait, there’s more! Maybe not very surprising, but TrickBot can also spy on other information to gain access to email accounts, system and network information, tax information and so on.

TrickBot can start spreading spam emails and also spread itself to other victims. It is believed to have compromised at least 250 million email accounts. TrickBot can also install a backdoor to your system so that it can be accessed remotely and used as a part of a botnet.

TrickBot is at the moment mainly used to target corporate networks. However, it has been and can be used in the future to target consumer networks as well. When targeting businesses, TrickBot’s information stealing capabilities are especially dangerous and profitable.

2. Knock knock. Who’s there? More malware.

TrickBot is a trojan, so it gets on your computer disguised as something legitimate, typically a Word, Excel or PDF document attached to an email. If it makes its way into a system, it will most likely download other malware.

For example, TrickBot often downloads Ryuk ransomware after infection. The network is scanned to identify profitable targets for ransomware attacks. If the targets are deemed profitable, the ransomware is activated after enough information has been gathered and enough computers have been infected.

TrickBot also often comes hand in hand with another malware called Emotet. When infecting a computer, they often download one another. This increases the damage and spreads both malware (and the aforementioned Ryuk) even further.

3. Modular malware

Notice that we’ve mentioned that TrickBot can do and can be different things? That’s because it’s a modular malware, meaning that not all TrickBot infections are the same. Depending on the version used by the attacker, it can include different kinds of functions. These versions can also update themselves and download other features.

This is one of the reasons TrickBot is so popular among cyber criminals. They can customize it and develop it further to make it more effective and profitable to them. TrickBot has already evolved and changed from its original form, and it will most likely continue to do so. What it is today is not what it will be later.


4. TrickBot isn’t going anywhere

Unfortunately, TrickBot probably isn’t going anywhere anytime soon. Its many functions and capability to be further developed make it a popular and profitable tool for cyber criminals.

According to F-Secure’s researcher Bert Steppé: “The future of TrickBot is malware-as-a-service: providing some kind of framework for other threat actors, so that they can access the victim’s system or install other modules from other threat actors.”

This means that, in addition to other possible new features of TrickBot, the ever-evolving threat will likely bring even more malware with it in the future. Access to the networks of devices infected by TrickBot can be sold or rented to other cyber criminals for their own purposes.


Luciano Hernández

20.11.19 5 min. read

