Trickbot, A New Threat to Indian Online Banking

APTFilter AVGNews CERT-LatestNews FSecureNews KasperskyNews Malware McAfeeNews Security News SocialEngineering SophosNews SymantecNews ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic TrendMicroNews Uncategorized VulnerabilitiesAdobe VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesApplications VulnerabilitiesCisco VulnerabilitiesCrypto VulnerabilitiesDBMS VulnerabilitiesFirmware VulnerabilitiesGoogle VulnerabilitiesHardware VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesMozilla VulnerabilitiesNetwork VulnerabilitiesOS VulnerabilitiesVMWare VulnerabilitiesVOIP


Ransomware is not the only prevalent threat these days; there are threats too which have been making their foray. We humans tend to forget that security is an on-going process and is not limited to one single threat. We have to be on our toes 24×7 and be alert at all times, ensure that all the SOPs are adhered to and also ensure regular audits of all the security processes and procedures.

For past few weeks, Ransomwares has gained notoriety specifically due to the exploits used by WannaCry Ransomware, however during the same period, TrickBot a banking Trojans too was working towards stealing banking credentials and gaining access to the banking accounts of the victims.

Thanks to the release of the source code of Zeus Bot a couple of years ago, we have observed a rise in Trojans which share the same / similar codebase with that of Zeus. On these similar lines, Trickbot shares many similarities with Dyre yet another banking malware.

Trickbot’s configuration contains the list of Banking URLs which when accessed by the victim would be intercepted and exploited. In recent weeks, Trickbot has expanded its attack vector and has truly gone global and targets numerous banks, payment processors and CMS systems.

Targeting CMS systems, provides Trickbot with the access credentials which can then be further leveraged to carry out targeted attacks which includes spear phishing attacks and up to a certain extent water holing attacks.

Recently, Trickbot added a couple of Indian Banks to its configuration viz. SBI Bank and ICICI considering their huge consumer base, however we are yet to observe any active attack on the consumers.

Moreover, in coming months we expect much larger campaigns targeting Indian Online Banking Customers and a few more Indian banks to be added by Trickbot into its configuration. Furthermore, based on the success of Trickbot, we may also observe other banking Trojans sneaking into the Indian Cyberspace.

As a precautionary measure, net-banking users should implement an Antivirus/Internet Security Suites on all of their devices including their mobile phones. Users should regularly apply the patches, which have been released by Software Vendors, as well as implement Email Gateway security solutions to protect your organization from malicious emails.