TrickBot emerged as a banking Trojan in 2016 and has significantly evolved since then. This malware was originally created to steal users’ credentials and banking information, but regular updates have made it more persistent and powerful. Let’s dive a little deeper into TrickBot and discuss how it differs from other malware.
Nov 15, 2021 · 4 min read
TrickBot spreads through malicious links and attachments delivered by spear-phishing attacks. These emails are usually well-crafted and wouldn’t raise the victim’s suspicion. Once you click on a link or attachment, TrickBot is executed, infecting your device with malware.
From the very beginning, TrickBot's creators worked hard to make this malware as powerful as possible, and its operators continue to offer the botnet through a multi-purpose malware-as-a-service (MaaS) model. TrickBot can steal login credentials, harvest personally identifiable information, spread malware across the network, and even disable Windows Defender's real-time monitoring.
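Because turning off Defender's real-time monitoring is one of the behaviours mentioned above, it is worth knowing how to check for it. The following PowerShell snippet is an added example for this post, not code from the original article or from any TrickBot analysis; it assumes Windows 10/11 with the built-in Defender module and an elevated session.

```powershell
# Added example (not from the original post): report the current state of Windows Defender
# real-time protection and look for the event written when it is switched off.
# Assumes Windows 10/11 with the Defender PowerShell module; run from an elevated session.

$status = Get-MpComputerStatus
$prefs  = Get-MpPreference

[pscustomobject]@{
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    AntivirusEnabled          = $status.AntivirusEnabled
    DisableRealtimeMonitoring = $prefs.DisableRealtimeMonitoring   # $true means it was turned off
    TamperProtection          = $status.IsTamperProtected          # $true blocks changes to these settings
}

# Event ID 5001 in the Defender operational log is logged when real-time protection is disabled.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5001
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

if ($events) {
    "Real-time protection was disabled $($events.Count) time(s) in the last 7 days:"
    $events | Select-Object TimeCreated, Message | Format-List
} else {
    "No 'real-time protection disabled' events in the last 7 days."
}
```

If real-time protection is off and you did not turn it off yourself, treat the machine as suspect and investigate before doing anything else on it.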
It can also be used to distribute ransomware like Ryuk and Conti. Hackers get inside the victim’s device by using TrickBot and then deploy ransomware to lock them out of their files. Very often, this scheme also involves a third well-known type of malware, Emotet. Here’s how it works:
TrickBot is considered to be one of the most notorious pieces of malware. Microsoft, US Cyber Command, and various cybersecurity companies have all tried to beat TrickBot but eventually failed. Estimates say that TrickBot might have control over 1 million hijacked computers, posing a great threat to national security, the healthcare sector, and critical infrastructure.
In September 2020, Universal Health Services (UHS), one of the largest healthcare providers in the US, was hit by a ransomware attack. Hackers used TrickBot to deliver Ryuk, which caused UHS IT systems to go offline.
If you're experiencing signs of malware and suspect that TrickBot is on your device, you have to act fast. Otherwise, hackers can harvest your data and even invite more malware. The internet is full of tutorials explaining how to remove malware on Windows 10 or macOS, but here are a few general tips:
Never click on suspicious links or attachments. Always closely inspect every email you get and never rush to click on any attachments, links, or customer forms, especially if these emails are coming from government institutions, banks, healthcare providers, or well-known brands, as those are impersonated the most.
Use antivirus software. While most operating systems come with pre-installed security software, having a third-party antivirus on your computer is not a bad idea. Malware is getting more sophisticated, and we need to use all the possible tools to mitigate the risk of getting infected.
Keep your computer updated. Hackers often exploit software vulnerabilities and use them to get inside the victim’s system. Never postpone updates, as bad actors can exploit a bug that was fixed months ago.
Avoid suspicious pop-ups and ads. If a website contains flashy ads and pop-ups, there’s a chance that something fishy is going on. Unless you know for sure the website is legitimate, run away as fast as you can.
Create a non-administrative account. It's good practice to have several user accounts on your device with different privileges. This means you can create an account which doesn't have the right to install any software and use it only for daily browsing. TrickBot and other malware need administrative access to execute commands, so this can considerably improve your security.
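Here is one way to set up such an account on Windows. This PowerShell snippet is an added example written for this post, not code from the original article; the account name is a placeholder, and it assumes you run it once from an elevated session.

```powershell
# Added example (not from the original post): create a standard (non-administrator) local
# account for daily use and confirm it is not a member of the Administrators group.
# Run once from an elevated PowerShell session; the account name is a placeholder.

$userName = 'daily-user'   # placeholder name, change as needed
$password = Read-Host -AsSecureString -Prompt "Password for $userName"

if (-not (Get-LocalUser -Name $userName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $userName -Password $password -FullName 'Daily browsing account' `
        -Description 'Standard account without install rights' | Out-Null
}

# New-LocalUser does not add the account to any group, so put it in the built-in Users group:
# members can run programs but cannot install software machine-wide or change system settings.
Add-LocalGroupMember -Group 'Users' -Member $userName -ErrorAction SilentlyContinue

# Verification: the account must not appear among the Administrators.
$admins = (Get-LocalGroupMember -Group 'Administrators').Name
if ($admins -match "\\$userName$") {
    Write-Warning "$userName is an administrator; remove it with Remove-LocalGroupMember."
} else {
    "$userName is a standard user."
}
```

Log in to the new account for everyday browsing and email, and keep your administrator account for installing software and changing settings only.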
Use a VPN. A virtual private network encrypts your traffic and hides your IP address, thus enhancing your privacy and security. If you often connect to public Wi-Fi, a VPN is a must. Hackers can set fake hotspots, trick you into connecting to them, monitor your network data, and even infect you with malware. With one NordVPN account, you can protect up to six devices: laptops, smartphones, tablets, and more. NordVPN even has the CyberSec feature which blocks annoying ads, infected websites, and sites created to spread malware.