S2 Grupo

Spanish Company Specialized in Cybersecurity

© 2023 S2 Grupo
Corporate

Trickbot, the main cybersecurity threat for the banking sector

30 Jun 2017
  • S2 Grupo has presented a report in which those responsible for its Malware Laboratory have analyzed the evolution of this type of Trojan that is mainly affecting digital banking.
  • Among the main conclusions of the study is that because of its rapid evolution it can affect other sectors and become one of the biggest cyber threats of the moment.
  • The main target countries for this virus were Australia, New Zealand and Germany.
  • The main countries from which it operates are the US and China.

Valencia, June 19, 2017.- The Malware Laboratory of S2 Grupo has presented its 1st Malware Report, which on this occasion focuses on the evolution of Trickbot. According to the company's experts, it is a Trojan that is evolving at high speed and has reached its 17th version in less than 6 months.

Trickbot has become the main cybersecurity threat for the banking sector because it steals credentials and banking data from affected users. The malware injects itself into the browser so that, once the user accesses one of the monitored banks, it can compromise the user's security.

"While it is true that its main objective and behavior is focused on online banking users, being a modular Trojan it has capabilities that attackers could use for other purposes, such as document exfiltration. This means that in a short time Trickbot can become one of the biggest cyber threats of network users", said José Rosell, associate-director of S2 Grupo.

"We thought it was a virus that was at an early stage of development, but seeing how it has evolved at a really rapid rate has made this report essential to provide more information about its patterns of behavior and contribute to improving cybersecurity both of people and of any kind of organization", continued Miguel A. Juan, associate-director of S2 Grupo.

Main countries affected

In its first movements, the targets observed were banks in Australia, New Zealand, Germany, the United Kingdom, Canada, the United States, Israel and Ireland. In recent months we have been observing how the list of target countries progressively increases and how the malware is gradually being modified to make it more difficult to detect.

The countries from which Trickbot has been found to mainly operate are the US (7%), China (5%) and other countries such as Zambia (4%), Brazil (4%), India ), Romania (4%) or Ukraine (4%).

Main conclusions of the 1st Malware Report of S2 Grupo

The objective of this study was to analyze how the new versions of Trickbot operate, in order to understand its behavior and to establish prevention and disinfection guidelines that increase cybersecurity worldwide. As S2 Grupo has pointed out, some of the main characteristics of Trickbot are that it:

  • Loads the code into the system.
  • Creates a replica of itself in a directory named %APPDATA%.
  • Applies persistence techniques.
  • Collects sensitive user information.
  • Injects code into other applications to control the information they handle.
  • Exfiltrates the information it gets to its command and control server.

S2 Grupo has pointed out that the main route of infection for this type of malware is opening a Word document that arrives by email, or a vulnerability exploited by an exploit kit while the user is browsing the web.

One of Trickbot's main evolutions is that, although in the first versions the loader (the program that loads the virus) was marked with descriptive names, in the latest versions it no longer is, which makes it harder for cybersecurity systems to identify.

Also noteworthy is the malware's persistence mechanism: at first it created a scheduled task that was launched every minute to ensure that the program was still running, while in the latest versions it also runs simply when the user logs on.

"Understanding its operation makes it easier to combat it and to manipulate its operation to prevent it from fulfilling its mission. That is why, in this report, we have extracted very useful information that will facilitate its detection, recover the stolen information and the appropriate steps for the disinfection of the system", explained Rosell.

More information: prensa@s2grupo.es
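A defender-side check for the persistence pattern described above, as an added example that is not code from S2 Grupo or its report: it parses a task definition in the XML format produced by `schtasks /query /xml` and flags tasks that launch a program from the user's AppData tree every minute or at logon. The sample task, its executable name, the five-minute threshold, and the assumption that the task's action points at the copy under %APPDATA% are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample in the Task Scheduler XML format; the user name and
# executable name are made up for this example.
SAMPLE_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
    <TimeTrigger>
      <Repetition><Interval>PT1M</Interval></Repetition>
      <StartBoundary>2017-06-01T00:00:00</StartBoundary>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Users\alice\AppData\Roaming\example-loader.exe</Command></Exec>
  </Actions>
</Task>"""

APPDATA = re.compile(r"%appdata%|\\appdata\\", re.I)
INTERVAL = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")


def interval_seconds(text):
    """Convert a PT#H#M#S repetition interval to seconds (None if unparsable)."""
    m = INTERVAL.match(text.strip())
    if not m or not any(m.groups()):
        return None
    h, mi, s = (int(g or 0) for g in m.groups())
    return h * 3600 + mi * 60 + s


def assess_task(xml_text, max_interval=300):
    """Return the reasons a task matches the persistence pattern, or [] if none."""
    root = ET.fromstring(xml_text)
    commands = [c.text or "" for c in root.iterfind(".//t:Actions/t:Exec/t:Command", NS)]
    if not any(APPDATA.search(c) for c in commands):
        return []  # no action runs from a per-user AppData directory
    reasons = ["action runs from AppData"]
    for iv in root.iterfind(".//t:Repetition/t:Interval", NS):
        secs = interval_seconds(iv.text or "")
        if secs is not None and secs <= max_interval:
            reasons.append(f"repeats every {secs}s")
    if root.find(".//t:LogonTrigger", NS) is not None:
        reasons.append("runs at logon")
    return reasons
```

Real exports usually carry an XML declaration with a UTF-16 encoding, so read the file as bytes and pass the bytes to `assess_task` rather than a decoded string.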
