Skip to main content


Home TrickBot

TrickBot

(also Trickbot)

TrickBot definition

TrickBot is a sophisticated modular malware capable of system reconnaissance, data theft, and ransomware delivery. TrickBot was originally conceived as a banking trojan (malware designed to steal banking credentials) for Windows devices in 2016. Today, TrickBot is a significant threat in almost all sectors, with over a million devices thought to be infected worldwide.

TrickBot is usually spread through malicious links and attachments delivered by spear-phishing attacks. Once TrickBot has been installed, it gathers information for the attacker, eventually letting them gain privileged access to the system and launch further attacks.

Real TrickBot attack examples

  • 2020: The US healthcare sector was hit by a major cyberattack using Ryuk ransomware, which was installed on the victims’ devices by TrickBot.

Stopping TrickBot

  • Avoid unknown or unexpected attachments because they may harbor TrickBot. If possible, scan files you download with NordVPN’s Threat Protection feature or a reputable antivirus.
  • Avoid suspicious links in emails or text messages, whether from strangers or friends. Compromised accounts spread the infection by spamming the victim’s contacts with messages intent on tricking them to download the malware.
  • Use an antivirus to stop malware from compromising your device. Antiviruses can identify infected files, quarantine them from the rest of the system, and safely extract the malicious code.
  • Update your software regularly to patch newly discovered security flaws. This includes your operating system — don’t keep snoozing those critical security updates forever.