
The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were made to dismantle its infrastructure, even as the advanced Trojan is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021.

Most of the victims detected since November 1, 2020, are from Portugal (18%), the U.S. (14%), and India (5%), followed by Brazil (4%), Turkey (3%), Russia (3%), and China (3%), Check Point Research noted in a report shared with The Hacker News, with government, finance, and manufacturing entities emerging as the top affected industry verticals.

“Emotet is a strong indicator of future ransomware attacks, as the malware provides ransomware gangs a backdoor into compromised machines,” said the researchers, who detected 223 different TrickBot campaigns over the course of the last six months.

Both TrickBot and Emotet are botnets: networks of internet-connected devices that are infected by malware and can be tasked to conduct an array of malicious activities. TrickBot originated in 2016 as a C++ banking Trojan and a successor of the Dyre malware, featuring capabilities to steal financial details, account credentials, and other sensitive information; spread laterally across a network; and drop additional payloads, including Conti, Diavol, and Ryuk ransomware strains.
