03 Aug TrickBot Trojan Targets Outlook and Steals Browser Data
Security researcher Hasherezade says that the infamous banking trojan TrickBot is being updated to infiltrate data from Microsoft Outlook and browsers.
According to Hasherezade, TrickBot developers from the Dyre group are adding new modules to the Trojan to steal browser data, including local storage, Cookies, Flash LSO, URL hits, and browsing history. They also incorporated new script to steal files from Outlook to open registry locks and collect credentials.
The said modules can also make a concealed desktop to run operations so users do not notice any suspicious activity on their computer.
In last week’s report by Flashpoint, TrickBot developers were setting up a module to exploit computers’ Server Message Block (SMB) to spread access locally, but it was not ready yet.
To date, the modules do not appear as well-coded as the original TrickBot. This may indicate the Dyre group is experimenting or using new programmers for the upgrades.
Source: SecurityWeek
