Security researchers have discovered at least one group of cyber criminals that is trying to give its banking Trojan the self-spreading, worm-like capabilities that carried the recent ransomware attacks around the world.
They have found a new version of the credential-stealing banking Trojan TrickBot, known as “1.000.029” (V24), that spreads using Windows Server Message Block (SMB), the protocol that allowed WannaCry and Petya to spread quickly across the globe.
TrickBot is a banking Trojan that has targeted financial institutions all over the world since last year.
The Trojan usually spreads through e-mail attachments impersonating invoices from a large, unnamed international financial institution, but it actually takes victims to a fake home page used to steal session credentials.
Last week, Flashpoint researchers, who have been continually tracking TrickBot's activities and targets, discovered that the TrickBot banking Trojan has just evolved to spread locally across networks via Server Message Block (SMB).
Since the new TrickBot version is still being tested, the new features are not yet fully implemented by the gang behind the Trojan.
Nor does it have the ability to randomly scan IPs for SMB connections, unlike WannaCry, which exploited a vulnerability called EternalBlue.
Flashpoint researchers said the Trojan is being modified to scan domains for vulnerable servers through the NetServerEnum Windows API and to list other computers on the network using the Lightweight Directory Access Protocol (LDAP).
The new TrickBot variant can also be disguised as “setup.exe” and delivered via a PowerShell script, spreading through interprocess communication and downloading an additional version of TrickBot onto shared drives.
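The behaviours described above suggest two hunting heuristics: one host opening SMB sessions to many internal peers in a short time, and PowerShell writing a file named setup.exe to a network share. The following Python sketch is an added example, not Flashpoint's tooling; the event fields, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address
from pathlib import PureWindowsPath

# Constructed sample events; the field names are assumptions, not a real log schema.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [  # 10.0.0.5 opens SMB sessions to six peers within six seconds
    {"type": "net", "ts": f"2017-08-01T10:00:0{i}", "src": "10.0.0.5",
     "dst": f"10.0.0.{20 + i}", "dport": 445} for i in range(6)
] + [  # 10.0.0.7 shows ordinary file-server use
    {"type": "net", "ts": "2017-08-01T10:00:00", "src": "10.0.0.7", "dst": "10.0.0.2", "dport": 445},
    {"type": "net", "ts": "2017-08-01T10:30:00", "src": "10.0.0.7", "dst": "10.0.0.3", "dport": 445},
    {"type": "file", "host": "10.0.0.5", "process": PS, "path": r"\\FS01\public\setup.exe"},
    {"type": "file", "host": "10.0.0.7", "process": r"C:\Windows\explorer.exe",
     "path": r"\\FS01\public\setup.exe"},
]

def smb_fanout(events, threshold=5, window=timedelta(minutes=1)):
    """Sources that reach >= threshold distinct internal peers on TCP 445 inside one window."""
    by_src = defaultdict(list)
    for e in events:
        if e["type"] == "net" and e["dport"] == 445 and ip_address(e["dst"]).is_private:
            by_src[e["src"]].append((datetime.fromisoformat(e["ts"]), e["dst"]))
    flagged = set()
    for src, conns in by_src.items():
        conns.sort()
        start = 0
        for end, (ts, _) in enumerate(conns):
            while ts - conns[start][0] > window:  # slide the window forward
                start += 1
            if len({dst for _, dst in conns[start:end + 1]}) >= threshold:
                flagged.add(src)
                break
    return flagged

def setup_exe_on_share(events):
    """(host, path) pairs where PowerShell wrote a file named setup.exe to a UNC share."""
    hits = []
    for e in events:
        if e["type"] != "file" or not e["path"].startswith("\\\\"):
            continue
        name = PureWindowsPath(e["path"]).name.lower()
        writer = PureWindowsPath(e["process"]).name.lower()
        if name == "setup.exe" and writer == "powershell.exe":
            hits.append((e["host"], e["path"]))
    return hits

if __name__ == "__main__":
    print("SMB fan-out:", smb_fanout(EVENTS))
    print("setup.exe on share:", setup_exe_on_share(EVENTS))
```

Both checks are heuristics: the threshold and window need tuning against normal file-server and backup traffic, and legitimate installers named setup.exe are common, so a hit is a lead to investigate rather than a verdict.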
According to the researchers, the discovery of the new TrickBot variant gives a glimpse of what the operators behind the malware could use in the near future.
“Flashpoint evaluated with moderate confidence that the Trickbot gang is likely to remain a formidable force in the short term,” said Vitali Kremez, research director at Flashpoint.
“Although the Banking Trojan module seems to be rather rough in its current state, it is clear that the Trickbot gang learned from the outbreaks of WannaCry and ‘NotPetya’ and is trying to replicate their methodology.”
To safeguard against such malware infections, always be suspicious of unsolicited files and documents sent by email, and never click on links within them unless you have verified the source.
To maintain close control of important data, keep a good backup routine in place to make copies to an external storage device that is not always connected to your PC.
Also, be sure to run an effective antivirus suite on your system and keep it up to date.