Trickbot Attacks
The banking Trojan Trickbot has infected more than 140,000 devices belonging to clients of 60 global companies, Check Point Research experts warn. Polish users were also among the victims.
Since November 2020, cybercriminals using the well-known banking Trojan Trickbot have been carrying out activities aimed at capturing the data of customers of global companies, including Amazon, Microsoft, Google and PayPal. So far, the common malware has infected more than 140,000 computers around the world, according to a Check Point Research analysis.
Trickbot is currently the second most common type of malware globally (with an impact on at least 2.2% of organizations) and the fourth most detected in Poland: in January 2022 it was detected in around 1.8% of Polish corporate networks. According to cyber security professionals, this tool is ideal for hacking and stealing sensitive data.
To date, attacks on clients of 60 companies from all over the world have been documented. According to specialists, Trickbot chooses its targets very selectively, while being able to hide efficiently from antivirus mechanisms. The Trickbot infrastructure can also be used by other malware families (such as Emotet or various types of ransomware) to cause greater harm to infected devices.
“We have documented more than 140,000 infected machines belonging to customers of the world’s largest and most famous companies. Trickbot attacks, among others, well-known victims in order to steal credentials and provide its operators with access to portals containing confidential data, in which they can cause even greater harm. At the same time, we know that the infrastructure operators have extensive experience creating high-level malware. The combination of these two factors has made Trickbot a serious threat for over 5 years. I strongly encourage all users to open documents only from trusted sources and use different passwords on different websites,” warns Alexander Chailytko, Director of Cyber Security, Research and Innovation at Check Point Software Technologies.
Check Point Research specialists point out three basic precautions you should take to have a chance to protect yourself from Trickbot and other malware:
1. Only open documents that you receive from trusted sources. Do not enable macro execution within documents.
2. Make sure that you are running the latest operating system updates and antivirus software.
3. Use different passwords on different websites.
The campaigns start with a database of stolen email addresses, to which the attackers send malicious documents. When the user opens the document, the main Trickbot payload is downloaded and installed on the computer. Thanks to its advanced code, the malware can resist security systems very effectively. That is not all: cybercriminals can remotely deliver additional modules that allow further exploration of computers and corporate networks. Their functionality varies: for example, they can spread the malware through a compromised company’s network, steal credentials, or obtain login credentials to banking sites. So far, 20 modules that extend Trickbot’s capabilities have been confirmed.