Trickbot banking Trojan updated with screen locker component
Target: The financial sector worldwide
Attack Vector: Worldwide
Summary: The well-established banking Trojan Trickbot, has been upgraded to include a new screen locker module. It is thought that this will be used to hold victim’s devices to ransom if they are not e-banking users and it is believed to be a way for the attackers to enhance monetisation during attacks. The module is not yet fully functional, however as it has been witnessed in the wild, it will be in a testing stage and therefore close to full operation.
Risk assessment summary: This threat is assessed at 3C MODERATE, although this module is not fully functional, it is cause for concern that it has been seen in the wild as this suggests it is in the testing phase of its development. With this new module, it means the malware will have a much higher hit rate in terms of money gained from infection. With the worm module that is also included in this update, the speed in which it spreads across internal networks is now increased. With both of these updates the Trojan becomes a bigger threat to a company’s brand image if an infection takes place alongside the potential for data and finance loss.