Discovering Trickbot, the malware that infected Big Tech


Point-blank question: what scares Microsoft, Google, Amazon and PayPal? Answer: the European Union, which is imposing continuous sanctions to contain the monopolistic attitudes of the giants of the technology sector.

Correct answer? Yes and no: accurate but partial. A piece of malware called Trickbot has also managed to hit the companies we mentioned and, along with them, at least 60 other companies, infecting around 140,000 devices from November 2020 to today.

Trickbot had already been reported in June 2021, when Check Point Research, the research division of Check Point Software Technologies, named it the most widespread malware in Italy. At that time it was responsible for 12% of ransomware attacks in our country (and 7% globally).

Check Point Research published a new report on Trickbot on its website on Wednesday, February 16. Let’s see what it says, but first let’s recall what Trickbot is.

What is Trickbot

Trickbot is a piece of Windows malware first used in 2016 by cybercriminals who infiltrated the computers of companies and individuals to spy on confidential data.

Since then, Trickbot's malicious capabilities have multiplied, and the insidiousness of the malware lies precisely in its continuous mutability, as we reported in an article last July.

Trickbot is now capable of modifying network traffic and can widen its spread or facilitate the download of other malware.

How Trickbot works

Trickbot spreads through phishing emails that contain infected attachments: if opened, they trigger the download of the malware. Another route is malicious software updates.

The malware's attack focuses primarily on the protection systems and antivirus software present on the machine. Then Trickbot spies on the user’s data and forwards it to the attackers who launched the campaign.

The data theft affects not only individuals but also banks and financial institutions. And also the tech giants, as we will see. The method is the one used more and more often: files are held hostage and a ransom is demanded to return them to their rightful owner.

The Check Point Research report

The very recent report by Check Point Research unfortunately shows, as we said, that Trickbot is in splendid shape, thanks also to its ability to update itself.

Data from the research division of the world’s leading cybersecurity supplier tell us about attacks on over 140,000 devices, which also belong to customers of big companies like Amazon, Microsoft, Google, and PayPal. Including cryptocurrency companies and other industries (American Express is among the victims), a total of 60 companies have come under attack from November 2020 to today.

Strikingly, this malware is responsible for attacks on one company in every 45 globally, or 2.2%. The figure rises to 3.3% (one company in every 30) in Southeast Asia.

Check Point’s comment

Alexander Chailytko, Cyber Security, Research & Innovation Manager at Check Point Software Technologies, commented on the evergreen Trickbot threat.

Chailytko said: “Trickbot’s numbers are staggering. We have documented over 140,000 infected machines from the largest and most reputable companies in the world. We have noticed that these hackers have the ability to develop malware from a very low level and pay attention to the small details. Trickbot attacks high-profile victims to steal credentials and give authors access to portals with sensitive data, where they can cause even more damage. At the same time, the authors behind the infrastructure are also very experienced in developing high-level malware. The combination of these two factors is what allows Trickbot to remain a dangerous threat for over 5 years.”

Is Trickbot a BazarBackdoor?

But some think otherwise. Research firm AdvIntel interviewed the Conti cybercriminal group, which allegedly bought Trickbot. Considering it now too easily recognized by antivirus software, the group reportedly said it already has a replacement malware, BazarBackdoor, which is much more difficult to identify.

How to defend yourself

Alexander Chailytko points out the obvious (though often overlooked) way to defend against the risks of phishing: “I strongly urge people to only open documents from trusted sources and to use different passwords on different websites.”

We would add: use professional antivirus software, always keep your device's software up to date, and pay attention during software updates. Also use official products (and, if in doubt, decline additional packages when downloading).