ESET researchers have participated in a global operation to disrupt the Trickbot botnet, which has, since 2016, infected over a million computing devices.
Along with partners Microsoft, Lumen’s Black Lotus Labs Threat Research, NTT and others, the operation impacted Trickbot by tanking its command and control servers.
ESET contributed to the effort with technical analysis, statistical information and known command and control server domain names and IPs. Trickbot is known for stealing credentials from compromised computers and, more recently, has been observed mostly as a delivery mechanism for more damaging attacks, such as ransomware.
ESET Research has been tracking its activities since its initial detection in late 2016.
“Over the years we’ve tracked it, Trickbot compromises have been reported in a steady manner, making it one of the largest and longest-lived botnets out there. Trickbot is one of the most prevalent banking malware families and this malware strain represents a threat for Internet users globally,” explained Jean-Ian Boutin, Head, Threat Research at ESET.
“Throughout its existence, this malware has been distributed in a number of ways. Recently, a chain we observed frequently is Trickbot being dropped on systems already compromised by Emotet, another large botnet. In the past, Trickbot malware was leveraged by its operators mostly as a banking trojan, stealing credentials from online bank accounts and trying to perform fraudulent transfers,” he said.
Boutin added: “Through our monitoring of Trickbot campaigns, we collected tens of thousands of different configuration files, allowing us to know which websites were targeted by Trickbot’s operators. The targeted URLs mostly belong to financial institutions. Trying to disrupt this elusive threat is very challenging as it has various fallback mechanisms, and its interconnection with other highly active cybercriminal actors in the underground makes the overall operation extremely complex.”