TrickBot Banking Malware Adds Screenlocker Component

In the world of cyber crime, Trickbot is one of the most popular banking trojan that has infected wide range of Windows PC. It is mainly known to target the bank to collect huge amount of money. According to the depth analysis, researchers report that latest version of Trickbot banking trojan includes a screenlocker component which means it will lock your screen and ask you to pay ransom fee in order to access PC normally. This news is really very bad for almost all banking users but the good news is that screenlocker mechanism is not completely function just yet and it still under the development phase.

Component of Trickbot banking trojan

Trickbot, a well known banking trojan has evolved in the recent years to become a malware dropper. The developers of such a malware infect victims with initial system malware strain that is very specialized in downloading several modules of Trickbot and conducting several operations. Security analysts reported that, it has been constantly updating and changing since beginning of 2016. It initially appeared to public as the banking malware but these days it has evolved into the malware downloader. It initially dropped a dll file named tabDll32.dll or tabDll64.dll and then after it drops three other files including :

  • Spreader_x86.dll – This module of TrickBot attempts to distribute to another Systems on the same network through SMB by leveraging the EternalRomance and other exploits that patched by MS17-010 security patch.
  • SsExecutor_x86.exe – This module is used together with first to execute after initial compromise. It is well known for establishing the boost persistence of infected machine.
  • ScreenLocker_x86.dll – This type of module is known to locks screen of the infected System. But it doesn’t lock the stored file. This module is a non-functional.

New Module of TrickBot Malware Often Developed For The Enterprise Networks

Being a System user, you may familiar with the facts that TrickBot malware had already SMB, a self-spreading worm component but since summer of 2017, it dropped wormDll32.dll file. All the aforementioned three files dropped through the newly discovered ,module of TrickBot malware which is designed to work together one after another, ignoring original worm component and screenlocker that trigger after distributing via network literally. According to the researchers, the module of TrickBot malware was developed as one-click method in order monetize the infections in the corporate network where system users ar5e less likely to use the e-banking services

Tips To Avoid PC Having Module of TrickBot Banking

  1. Be attentive while doing any online operation.
  2. Avoid yourself from opening any spam campaigns.
  3. Don’t visit any untrusted, hacked or malicious domain.
  4. Use only trusted sources to download any shareware or freeware packages.
  5. Keep a backup of your installed application and many more.

Leave a Comment

Your email address will not be published. Required fields are marked *