Security news aggregator

Latest coverage for TrickBot

TrickBot is malware associated with cyber incidents, with reporting on its analysis, infrastructure, disruption efforts, and defensive guidance.

62 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

TrickBot is a modular Windows malware family first identified as a banking Trojan in 2016. Its modules have supported theft of credentials and other sensitive information, system discovery, and remote control. In documented campaigns, operators also used TrickBot as an access and payload-delivery component, including before ransomware activity; those associations do not mean every TrickBot infection leads to ransomware.

Reporting commonly covers TrickBot’s modules, command-and-control infrastructure, changing delivery mechanisms, and efforts to disrupt its operations. For defenders, an alert should prompt investigation beyond the initially infected host: isolate it, examine authentication and endpoint telemetry for credential theft or lateral activity, and reset exposed credentials from a trusted system. Keeping operating systems and internet-facing software patched, restricting administrative access, and monitoring unusual outbound connections can reduce the opportunity for follow-on activity. Threat-intelligence indicators are useful for detection, but should be combined with behavioral evidence because the malware and its infrastructure have changed over time.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 62
Krebs on Security 2 years, 1 month ago

‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware "droppers" or "loaders" like IcedID, Smokeloader and Trickbot.

Bank Info Security 2 years, 5 months ago

Russian Hacker Sentenced to Over 5 Years in US Prison

Vladimir Dunaev Acknowledged Acting 'Recklessly' in Working for Cybercriminal GroupA U.S. federal judge sentenced a Russian national to five years and four months in prison for his role in developing TrickBot malware. Vladimir Dunaev, 40, pleaded guilty in December. Dunaev helped develop the malware "while hiding behind his computer," U.S. Attorney Rebecca Lutzko said.

Bank Info Security 2 years, 7 months ago

TrickBot Developer Pleads Guilty in US Court

Vladimir Dunaev Faces Up to 35 Years in PrisonA Russian national pleaded guilty in U.S. federal court for his role in developing TrickBot. Operators of the malware targeted hospitals and healthcare centers with ransomware attacks during the height of the novel coronavirus pandemic. Vladimir Dunaev faces up to 35 years in prison.

Loading more headlines...