TrickBot Sample Accidentally Warns Victims They’re Infected
2020-07-13 17:09

TrickBot, the infamous info-stealing trojan, has been trying out a test module that accidentally pops up fraud alerts to victims.

A sandboxed sample of the trojan, obtained by MalwareHunterTeam and analyzed by Advanced Intelligence's Vitali Kremez, turns out to contain a new module, called "Module 0.6.8," that carries the file name "Grabber.dll." It logs browser activity, steals passwords used in Google Chrome, Internet Explorer, Mozilla Firefox and Microsoft Edge, and sniffs out browser cookies, just like other grabber modules used by TrickBot.

TrickBot is a rapidly evolving modular malware strain that has been around since 2016, starting life as a banking trojan.

According to Kremez' analysis, the newly discovered grabber module uses several internal C++ code references, such as "Grabchrome.cpp," which align with the usual TrickBot grabber code patterns and functions.

Interestingly, TrickBot operators may soon have yet another new module to deploy: The researcher also found a piece of code called "Socksbot.dll," which he said appears to act as a Socks5 proxy for the malware.


News URL

https://threatpost.com/trickbot-sample-accidentally-warns-victims/157390/