Trickbot has been brought down in much the same way as a large criminal gang. The name may be little known, but the United States considers it one of the greatest threats because of its well-known ransomware attacks.
This week, one of the largest botnets in the world has fallen. Since its appearance in 2016, it is estimated to have infected more than one million devices. This “organization” was brought down by a joint effort of Microsoft and several cybersecurity firms: ESET, NTT and Black Lotus Labs.
“We have now cut off key infrastructure so that those who operate Trickbot can no longer initiate new infections or activate ransomware already on computer systems,” Microsoft announced in a statement.
During the investigation, the American giant analyzed more than 60,000 samples. “What makes it so dangerous is that it constantly evolves,” the company says.
It is not known who is behind Trickbot, which is responsible for ransomware attacks such as Emotet or Ryuk, the best known in recent years.
Through court action, Microsoft has managed to tear down this network after taking control of the servers that Trickbot used as the base for its attacks. “Trickbot was causing irreparable damage to the Microsoft brand, corrupting its products and altering the way Windows works.”
From banking Trojan to super network
In its years of operation, Trickbot has been distributed in different ways. For example, Trickbot has recently been observed being downloaded onto systems compromised by Emotet, another very important botnet.
In the past, Trickbot was used primarily as a banking Trojan that stole bank accounts and tried to make fraudulent transfers.
One of the oldest plugins developed for the platform allowed Trickbot to use web injection attacks, a technique that allows malware to dynamically make changes to specific pages that the victim visits.
“Throughout this time, Trickbot has been observed to compromise devices in a stable way, making it one of the longest-lived botnets,” explains Jean-Ian Boutin, Head of Threat Research at ESET.
“Trickbot is one of the largest banking malware families and represents a threat to Internet users around the world,” he adds.
However, Microsoft warns that “Trickbot operators will make efforts to reactivate their operations and we will work with our partners to monitor their activities and take additional legal and technical measures to stop them.”