TrickBot Emerges with a Few New Tricks - Analysis from Zscaler ThreatLabZ
April 2020 by Zscaler
First observed in 2016, TrickBot is a successor of the banking trojan Dyre and has become one of the most prevalent and dangerous malware strains in today’s threat landscape. TrickBot is continually evolving as its developers add new features and tricks. It is modular: a main bot binary loads plugins, each capable of specific tasks, and new modules are introduced and old ones improved at regular intervals.
TrickBot is often seen working with other types of malware, sometimes using them as an initial infection vector to find its way into the target host or downloading other malware families to get the most out of an infection. The Zscaler ThreatLabZ team has been tracking the bot for a number of years and proactively ensuring coverage to block downloaders, payloads, webinjects, and C&C activity from TrickBot and related malware.