The investigation of Check Point Researcha division of Threat Intelligence of Check Point Software Technologies, has collected alarming data related to Trickbot, notorious banking trojan. As revealed by Check Point Research, in fact, Trickbot infected over 140,000 devices of customers Amazon, Microsoft, Google, PayPal and 56 other companies around the world since last November 2020. Furthermore, according to the analysis of CPR, hackers are now focused on a choice of high-profile targets with the aim of steal and compromise sensitive company data.
Check Point Research highlights the achievements of the Trickbot Trojan
The Trickbot Trojan is confirmed to be extremely dangerous. The data collected by Check Point Research confirm, in fact, a considerable diffusion. The table below highlights the percentage of organizations affected by Trickbot according to the findings of the investigations.
| region | Organizations affected | Percentage |
| World | 1 every 45 | 2.2% |
| APAC | 1 every 30 | 3.3% |
| America latina | 1 every 47 | 2.1% |
| Europe | 1 every 54 | 1.9% |
| Africa | 1 every 57 | 1.8% |
| North America | 1 every 69 | 1.4% |
How the trojan works
The system behind the Trojan involves the sending of malicious documents by hackers to carefully chosen e-mail addresses thanks to databases of stolen e-mail boxes. The user who receives the email downloads and opens a document triggering the execution of macros in the process. The malware is executed by leading to the download of the main Trickbot payload which establishes its presence in the device, subsequently starting the download of auxiliary modules which may have different functionality based on the objective.