TrickBot, which appears to be the successor of Dyre, has been making technical advances and is becoming a force to be reckoned with. According to IBM X-Force researchers, a team most recognized for commercial security, the operators of this malware have been releasing frequent updates with new configurations.
Since its emergence, the TrickBot gang has been focusing on the United Kingdom and Australia, but it has recently added Canada to its growing list of targets by developing capabilities to attack banks here.
Attacks of this kind, known as “redirection attacks”, first targeted Canadian banks back in 2015 with the launch of the Dyre malware. Dyre, which was known for its infamous web browser manipulation techniques, targeted business accounts at a handful of banks in Canada. After its disappearance, the Dridex Trojan emerged, followed by GozNym.
As the name suggests, a redirection attack redirects the victim to a replica website. Users who try to reach their online banking website are sent to an imitation site instead and never reach their bank’s real website. By keeping users away from the bank’s official website, the cybercriminals can mislead customers into revealing critical authentication codes without the bank knowing.
As of now, TrickBot’s activity in Canada is in its initial stage, but with its new updates and advancements, this malware’s activity can increase during the holiday season and into 2017.
To help reduce the risk and mitigate the threat of Trojans, there is a very good article with security tips you can implement to keep yourself safe.
Institutions like banks that are looking to learn more about how to mitigate threats like TrickBot can simply go here.