The fall of Trickbot has played out like the takedown of a large criminal gang. The name may be little known, but the United States considers it one of the biggest threats because of its well-known ransomware attacks.
This week, one of the largest botnets in the world has fallen. Since its appearance in 2016, it is estimated to have infected more than one million devices. This “organization” was brought down by a joint effort of Microsoft and several cybersecurity firms: ESET, NTT and Black Lotus Labs.
“We have now cut off key infrastructure so that those operating Trickbot can no longer initiate new infections or activate ransomware already on computer systems,” Microsoft announces in a statement.
During the investigation, the American giant analyzed more than 60,000 samples. “What makes it so dangerous is that it constantly evolves,” the company points out. Trickbot, whose identity is unknown, is responsible for ransomware attacks such as Emotet or Ryuk, the best known in recent years.
Through legal action in court, Microsoft has managed to bring down this network after taking control of the servers that served as a base for Trickbot to carry out its attacks. “Trickbot caused irreparable damage to the Microsoft brand, corrupting its products and altering the operation of Windows.”
From banking trojan to super network
In its years of operation, Trickbot has been distributed in different ways. For example, we have recently observed Trickbot being downloaded onto systems compromised by Emotet, another very important botnet. In the past, Trickbot was primarily used as a banking Trojan that stole bank accounts and attempted to make fraudulent transfers.
One of the oldest plugins developed for the platform allowed Trickbot to use web injection attacks, a technique that allows the malware to dynamically make changes to some specific pages that the victim visits.
“Throughout all this time, Trickbot has been observed compromising devices in a stable manner, making it one of the longest-lived botnets,” explains Jean-Ian Boutin, head of threat research at ESET. “Trickbot is one of the largest banking malware families and represents a threat to Internet users around the world,” he adds.
However, Microsoft warns that “Trickbot operators will make efforts to reactivate their operations and we will work with our partners to monitor their activities and take additional legal and technical measures to stop them.”