Security News > 2021 > July > TrickBot Spruces Up Its Banking Trojan Module

The TrickBot trojan is adding man-in-the-browser capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said - potentially signaling a coming onslaught of fraud attacks.

According to researchers at Kryptos Logic Threat Intelligence, this functionality is carried out by TrickBot's webinject module.

In the updated version of the module, TrickBot has added support for "Zeus-style webinject configs," according to Kryptos Logic - an additional way to dynamically inject malicious code into target banking-site destinations.

"Due to Zeus having been the gold standard for banking malware, Zeus-style webinjects are extremely popular," they said.

This new effort in freshening up the webinject module may indicate that TrickBot's operators are getting back into the banking-fraud fray, researchers said.

"The resumption of development of the webinject module indicates that TrickBot intends to revive its bank-fraud operation, which appears to have been shelved for over a year," Kryptos Logic researchers concluded.

News URL

https://threatpost.com/trickbot-banking-trojan-module/167521/