Banking Trojan Inspired by WannaCry Ransomware to Add Self Spreading Ability

As we all know, that wave of WannaCry and Petya ransomware has been slowed down, many hackers and cyber criminals have taken lessons from international outbreaks to make their malware more powerful.

Security researchers have discovered recently at least one group of cyber criminals that are attempting to give  banking Trojan the self spreading worm-like capabilities that made recent ransomware attacks go worldwide

The new version of credential stealing TrickBot banking Trojan, known also as “1000029” (v24), has been found using the Windows Server Message Block (SMB), the same one that allowed WannaCry and Petya to spread across the world quickly.

TrickBot banking trojan spreads via email attachments impersonating invoices from a large unnamed “International Financial Institution,” but actually leads victims to a fake login page, thas is used to steal user credentials.

According to the security researchers, the latest discovery of new TrickBot variant provides an insight into what the operators behind the malware might be using in the near-future.

“Flashpoint assesses with moderate confidence that the Trickbot gang will likely continue to be a formidable force in the near term,” said Vitali Kremez, director of Research at Flashpoint. “

“Even though the worm module appears to be rather crude in its present state, it’s evident that the Trickbot gang learned from the global ransomware worm-like outbreaks of WannaCry and ‘NotPetya’ and is attempting to replicate their methodology.”

If you want to stay safe against malware infection, you should always be suspicious of unwanted files and documents sent over an email and should never click on links inside them unless verifying the source.

One more tip, to have a backup routine in place that makes copies to an external storage device that is not always connected to your PC.

Leave a Reply

Your email address will not be published. Required fields are marked *