Trickbot, which specifically threatens businesses in the financial sector, has been behind man-in-the-browser (MitB) attacks since 2016. Until now, its web inject configuration was only used to hit organisations outside the US.
One of the main concerns with Trickbot is account takeover and fraud, which may increase among US financial institutions as the malware spreads. While its primary focus is financial institutions, experts anticipate other companies will eventually be at risk.
Trickbot is considered the successor to the Dyre banking Trojan, judging by the similarities in their infrastructure and in the setup of their configuration files. Flashpoint director of research Vitali Kremez said that it is possible the Trickbot author was either deeply familiar with Dyre or reused old source code. The threat actors behind Dyre have historically targeted Western financial institutions in the US, UK, and Canada.