Security News > 2022 > February > TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands

Cyberattackers are targeting 60 different high-profile companies with the TrickBot malware, researchers have warned, with many of those in the U.S. The goal is to attack those companies' customers, according to Check Point Research, which are being cherry-picked for victimization.

The TrickBot malware was originally a banking trojan, but it has evolved well beyond those humble beginnings to become a wide-ranging credential-stealer and initial-access threat, often responsible for fetching second-stage binaries such as ransomware.

"Such modules allow the execution of all kinds of malicious activities and pose great danger to the customers of 60 high-profile financial and technology companies," CPR researchers warned.

CPR in just its own telemetry found that TrickBot overall has seen more than 140,000 successful infections since the takedown; and researchers noted that it's back to taking first place in malware prevalence lists.

Another anti-analysis technique they observed involved researchers sending automated requests to the C2 to get fresh web-injects: "If there is no 'Referer' header in the request, the server will not answer with a valid web-inject," according to CPR. "We not only see variants created based on more recently successful malware, but we even see threat actors use malware that is even twenty years old to generate new variants," Saryu Nayyar, CEO and founder at Gurucul, said of the Zeus connection, via email.

"Based on our technical analysis, we can see that TrickBot authors have the skills to approach the malware development from a very low level and pay attention to small details," they said.

News URL

https://threatpost.com/trickbot-amazon-paypal-top-brands/178483/