TrickBot Expands in Japan Ahead of the Holidays

TrickBot Expands in Japan Ahead of the Holidays
Data indicates TrickBot operators are modifying its modules and launching widespread campaigns around the world.

The notorious Trickbot banking Trojan is undergoing code modifications as operators ramp up global attacks, which are increasingly targeting Japan this holiday season, researchers report.


IBM X-Force data indicates TrickBot is currently the most active banking Trojan. As its many targets have evolved over the years, so has Trickbot: The threat was modified in August to target mobile device users, and it's the primary payload in attacks against healthcare firms. Earlier this year, TrickBot operators began to use redirection instead of malicious email attachments to spread malware. It also made Webroot's list of nastiest malware for 2019.


TrickBot has mostly appeared in campaigns in Western and English-speaking countries. While it has been spotted in other regions, this marks the first time TrickBot has been seen at Japanese banks. X-Force researchers urge shoppers in Japan to be wary of TrickBot on e-commerce sites and cryptocurrency platforms. While most campaigns aim for online banking (76%), e-commerce (5%), payment cards (3%), credit unions (3%), and Bitcoin exchanges (3%) are also targeted.


Campaigns targeting Japanese entities have been using malicious spam and distribution by the Emotet botnet to drop TrickBot onto target devices. Most attacks use Web injections on banking websites, which ultimately lead to bank fraud. One of TrickBot's go-to tactics, pulled from the attacker's server, involves tricking victims into sharing personally identifiable data, payment card details, PINs, and transaction authorization ..

Support the originator by clicking the read the rest link below.