Light Dark
August 13, 2018 By Shane Schick 2 min read

Trickbot has formed a partnership with another banking Trojan, IcedID, to help distribute each other’s malware more widely — and possibly co-develop new capabilities.

A July 2018 Fortinet investigation into recent attacks using Trickbot showed that it was not only infecting victims’ networks to steal information, but also sending commands via its command and control (C&C) server to download the latest versions of IcedID. IcedID, a banking Trojan that spreads spam via email, was first discovered by IBM X-Force researchers late last year.

Trickbot, meanwhile, has been downloaded by IcedID in other campaigns.

When Two Trojans Are Worse Than One

Cybercriminals were once relatively territorial in how they worked. For instance, one of the first steps a banking Trojan might take upon penetrating an organization’s defenses would be to kill or remove competitive malware. The collaboration between Trickbot and IcedID suggests greater cooperation among groups of hackers who are subjecting victims to several exploits at once.

The researchers also noted that the two bots are now working similarly in some ways. IcedID, for instance, has added file name obfuscations and file content encryption — just like Trickbot. If banking Trojans are serving as a distribution channel for each other, it’s possible they are also giving each other ideas on how to become even more potent as they develop their next variant.

How “Least Privilege” Can Offer Greater Security

Trickbot and IcedID are not alone, and it may be difficult for even the most robust defenses to keep out every banking Trojan. Instead, IBM Security experts suggest expanding the way security teams think about the principle of least privilege.

By making sure employees can only make use of the applications and other resources they need on a daily basis — not just by role but by specific activities — it can make it more difficult for the likes of Trickbot and IcedID to get access to more credentials if they manage to break in.

Segmenting the network into areas where certain data or resources are under more strict control, meanwhile, could mean cybercriminals would have to work even harder to penetrate further and do damage. It might even be easier to spot them when they try to do so.

Source: Fortinet

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

July 26, 2024

test img

8 min read - What is Lorem Ipsum? Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and…

July 26, 2024

img test

7 min read - test imgWhat is Lorem Ipsum? Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature