According to researchers, TrickBot malware has targeted customers of over 60 high-profile corporations since November 2020 including Google, Microsoft, PayPal, Bank of America, and others.
As per the latest report published by Check Point Research Team, TrickBot developers are constantly striving to improvise the malware’s functionalities. For your information, TrickBot is a banking trojan that first emerged in 2016 and since has evolved into an all-encompassing ecosystem of a botnet, malware, and ransomware over the years.
140,000+ TrickBot Infections Since Nov 2020
According to Check Point researchers, there has been significant activity from TrickBot operators since 2020. The report comprised data obtained since November 2020, during which the company claims over 140,000 devices have been infected by the trojan, targeting customers of around sixty high-profile corporations, including but not limited to the following:
- PayPal
- Amazon
- Microsoft
- Wells Fargo
- Bank of America
- American Express
TrickBot hits devices used by general public
Check Point’s cybersecurity, research, and innovation manager, Alexander Chailytko, noted that these 140,000 machines infected over 16 months are mainly computers used by the general public and some organizations. This number is not final, which is why the company wrote over 140,000 machines since the gathered data represents the telemetry received from customers of Check Point.
However, the company is certain that at least 1 out of every 45 companies might be impacted by TrickBot. Most modules of the trojan are used to steal login credentials from customers of large-scale banks.
Full list of targeted companies according to CheckPoint:
| Company | Field |
| Amazon | E-commerce |
| AmericanExpress | Credit Card Service |
| AmeriTrade | Financial Services |
| AOL | Online service provider |
| Associated Banc-Corp | Bank Holding |
| BancorpSouth | Bank |
| Bank of Montreal | Investment Banking |
| Barclays Bank Delaware | Bank |
| Blockchain.com | Cryptocurrency Financial Services |
| Canadian Imperial Bank of Commerce | Financial Services |
| Capital One | Bank Holding |
| Card Center Direct | Digital Banking |
| Centennial Bank | Bank Holding |
| Chase | Consumer Banking |
| Citi | Financial Services |
| Citibank | Digital Banking |
| Citizens Financial Group | Bank |
| Coamerica | Financial Services |
| Columbia Bank | Bank |
| Desjardins Group | Financial Services |
| E-Trade | Financial Services |
| Fidelity | Financial Services |
| Fifth Third | Bank |
| FundsXpress | IT Service Management |
| Technology | |
| GoToMyCard | Financial Services |
| HawaiiUSA Federal Credit Union | Credit Union |
| Huntington Bancshares | Bank Holding |
| Huntington Bank | Bank Holding |
| Interactive Brokers | Financial Services |
| JPMorgan Chase | Investment Banking |
| KeyBank | Bank |
| LexisNexis | Data mining |
| M&T Bank | Bank |
| Microsoft | Technology |
| Navy Federal | Credit Union |
| PayPal | Financial Technology |
| PNC Bank | Bank |
| RBC Bank | Bank |
| Robinhood | Stock Trading |
| Royal Bank of Canada | Financial Services |
| Schwab | Financial Services |
| Scotiabank Canada | Bank |
| SunTrust Bank | Bank Holding |
| Synchrony | Financial Services |
| Synovus | Financial Services |
| T. Rowe Price | Investment Management |
| TD Bank | Bank |
| TD Commercial Banking | Financial Services |
| TIAA | Insurance |
| Truist Financial | Bank Holding |
| U.S. Bancorp | Bank Holding |
| UnionBank | Commercial Banking |
| USAA | Financial Services |
| Vanguard | Investment Management |
| Wells Fargo | Financial Services |
| Yahoo | Technology |
| ZoomInfo | Software as a service |
TrickBot Transition
According to Check Point’s report, TrickBot authors have added the botnet with anti-analysis and anti-deobfuscation layers to enhance its capabilities. So, if a researcher tries to decipher its code, the malware stops communicating its C2 server and stops working entirely.
Researchers wrote that the inclusion of such features reveals that TrickBot operators are highly skilled, which explains why it has continued to remain a “prevalent malware family.” It is worth noting that last month Hackread published a detailed report based on the findings of IBM researchers revealing that TrickBot malware has added a new feature that crashes researchers’ devices to evade analysis.
Is TrickBot Breathing its Last?
Most security researchers, including Hold Security, a dark web monitoring platform, believe that TrickBot Trojan is breathing its last. Its days are numbered because most gang members have left the group operating it. Recently, Check Point has detected a decline in the botnet’s activity.
Our Dark Web sources report that Trickbot gang lost its key members over the past 24 hours. Looks like Russian government actions are driving ransomware gangs to close their doors. Hopefully this is going to be it for the one of most notorious ransomware gangs of our time.
— HoldSecurity (@HoldSecurity) February 11, 2022
Researchers suggest users should open documents only from trusted sources and use complicated and different passwords for different accounts. Moreover, they must keep antivirus software and operating systems updated to prevent infection.
More TrickBot malware news:
- Cyber Security companies dismantle Trickbot ransomware botnet
- Emotet malware reemerges, building botnet via Trickbot malware
- New Trickbot attack setup fake 1Password installer to extract data
- Black Lives Matter movement exploited to spread Trickbot malware
- TrickBot malware now crashes researchers’ devices to evade analysis
