Trickbot: How to Evade the Tricks

by | Nov 19, 2020 | Cyber Security

The war on computer malware is far from over, judging from the emergence of new threats every year. While IT admins give a spirited fight against invasive viruses, attackers develop new tricks to ensure cybersecurity experts don’t detect their malware. One such cybersecurity threat is Trickbot.

What is Trickbot?

Trickbot is a banking Trojan used to perpetrate cyber-attacks against individuals and businesses in the US and abroad. It targets online banking accounts to obtain personally identifiable information that criminals can use to commit identity theft.

Cyber criminals also use Trickbot to infiltrate networks. Once the Trojan breaks its way into a system, attackers can use it to deploy other malware, such as ransomware and post-exploitation toolkits. Attackers target victims through well-crafted phishing emails that imitate well-known government or commercial brands. These emails often have attachments or links that open a backdoor for attackers to access the victim’s network.

Here is what Trickbot does:

  • Downloads malicious files such as ransomware, remote access tools, and VNC clients
  • Connects the victim’s devices to the attackers’ networks, giving the attackers full control of the victim’s computers.
  • Steals sensitive information, including login details for banks and other information used to commit identity fraud
  • Infects other devices on the victim’s network, including those on trusted domains
  • Harvests saved account passwords, web history, and cookies.

How to identify Trickbot from authentic software

Trickbot is modular: its creators can add or remove modules, which makes it difficult to mitigate when they attack. But you may still be able to identify Trickbot through the following:

  • An email from a source that imitates authentic websites. Because these emails are phony, their addresses often contain strange characters.
  • An app or software pushed via email, which doesn’t seem to perform any meaningful task when installed.
  • An application from an unknown source is also likely to be Trickbot. Authentic applications usually have well-known sources such as Google Play Store.
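
The first sign in the list above can be checked automatically. The following is an added example, not part of the original article: it flags From headers whose domain uses non-ASCII or punycode characters, mixes scripts within one label, or closely resembles a brand domain. The `BRANDS` entries, the sample headers and the 0.85 similarity threshold are assumptions made for illustration.

```python
import difflib
import unicodedata
from email.utils import parseaddr

# Assumption: brands your users expect mail from, mapped to their real sending
# domains. Both entries are constructed placeholders.
BRANDS = {"Example Bank": {"examplebank.com"}, "Tax Office": {"tax.example.gov"}}
LOOKALIKE_RATIO = 0.85  # assumed similarity threshold; tune on your own mail

def scripts(text):
    """Scripts of the letters in text, taken from each Unicode character name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}

def sender_findings(from_header):
    """Return reasons a From header looks like brand imitation ([] if none)."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if any(domain in real for real in BRANDS.values()):
        return []  # exact match with a known-good domain
    try:  # decode punycode (xn--) labels to the Unicode a mail client displays
        shown = domain.encode("ascii").decode("idna")
    except UnicodeError:
        shown = domain  # already Unicode, or not valid IDNA
    findings = []
    if shown != domain or not domain.isascii():
        findings.append("internationalized domain")
    if any(len(scripts(label)) > 1 for label in shown.split(".")):
        findings.append("mixed scripts in one label")
    for brand, real in BRANDS.items():
        if brand.lower() in display.lower():
            findings.append(f"display name claims {brand}")
        if any(difflib.SequenceMatcher(None, shown, d).ratio() >= LOOKALIKE_RATIO
               for d in real):
            findings.append(f"lookalike of {brand} domain")
    return findings

# Constructed sample headers: one genuine, two imitations (\u0430 is Cyrillic "a").
SAMPLES = [
    "Example Bank <alerts@examplebank.com>",
    "Example Bank <alerts@ex\u0430mplebank.com>",
    "Example Bank Security <no-reply@examp1ebank.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", sender_findings(header) or "no findings")
```

The check reads only the From header, so it complements rather than replaces SPF, DKIM and DMARC validation at the mail gateway.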

Protecting yourself from Trickbot

It is much easier to prevent Trickbot from invading your computer network than to get it out of your system. You can take the following measures to protect yourself from a Trickbot attack:

  • Refrain from clicking on links or opening attachments in strange emails. Asking your employees and everyone else on your network to do the same would also go a long way to keep viruses at bay.
  • Adopt Multi-factor Authentication or 2-Factor Authentication for accessing your banking accounts and networks.
  • Install premium, reliable antivirus software and ensure it is always up to date.
  • Consider white-listing permitted applications on your system. This action would stop malicious programs from initiating automatically on your devices.
  • Store all critical data in an offline backup to reduce the risk and cost of a ransomware attack.
  • Regularly collect the data needed for analyzing network intrusions.
  • Be on the lookout for any lateral movement in the enterprise network because it could be the virus attempting to replicate and infect more devices on the network.

How do you know Trickbot has struck?

You can tell if you are a victim of a Trickbot attack in several ways:

  • Unauthorized access attempts to your online banking accounts and other sites.
  • Fraudulent bank activities, such as the successful transfer of funds to unknown recipients without authorization.
  • Unauthorized changes to network infrastructure, for example, a disabled antivirus or firewall.

How to deal with Trickbot infection

In the event of the worst possible scenario where Trickbot has broken into your network, you can do the following:

  • Review credit card and bank statements to identify any suspicious activity and report to the relevant authorities.
  • Consider changing the passwords of online accounts accessed from infected devices.
  • Report any cyber-attacks to Action Fraud for further investigations and action.

Cyber-attackers are not relenting in their criminal activities, designing new ways to steal your data and money. Take appropriate measures to protect yourself and your organization from malicious software, such as Trickbot. Don’t let Trickbot trick you into losing your sensitive information and compromising your networks. Contact us for more details.