Trickbot Continues to Stay Strong Despite the Recent Arrest of Gang Members

What do the reports say? 

• Some of the recent features include a new VNC module and an ‘injectDll’ module to monitor high-profile targets and steal banking details, respectively. 
• The Global Threat Report for September 2021 by Check Point research also revealed that TrickBot continued to be one of the prominent malware used to target multiple organizations. 
• The trojan regained its top position after having fallen into second place following a three-month-long reign.

Recent attack observed 

• A fresh phishing campaign involving the TrickBot trojan was observed despite the recent arrest of two of its gang members.
• In a series of tweets, Malwarebytes Threat Intelligence revealed that the trojan was used as a part of a new phishing campaign that was distributed via malicious Office files.
• The attack campaign used the DLL sideloading attack technique to evade detection.  

The persisting BazarCall campaigns

• The past few months also witnessed the evolution of a new phishing attack dubbed BazarCall that employed BazarLoader, another malware from the same threat actor gang. 
• As a part of the attack, the users received an email that urged them to call the attackers to cancel a trial that is automatically charged. 
• Upon calling the number, the victim is redirected to a phishing page that prompts them to share their login details.  
• Besides making use of a fake call center setup, the malware also abused Slack and BaseCamp clouds as a part of social engineering techniques.   

The bottom line