Trickbot’s authors clearly aren’t done updating it — we recently found a new variant that uses an updated version of the pwgrab module that lets it grab remote application credentials.
TrickBot continues to evolve as it adds more features to steal users’ credentials, the most recent development we published being the pwgrab32 module. Because of TrickBot’s modular capability, we found a newly added POS malware feature that makes this banking trojan more dangerous. The new module scans for indicators of whether an infected computer is connected to a network that supports POS services and machines.
Trickbot (detected by Trend Micro as TSPY_TRICKBOT.THOIBEAI) now has a password grabber module that steals access from several applications and browsers.
Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it has apparently gone on hiatus, Locky remains a relevant and credible threat given its impact on end users and especially businesses. Our detections show that it’s making another comeback with new campaigns.
A closer look at the file-encrypting malware’s activities reveals a constant: the use of spam. While spam remains a major entry point for ransomware in general, Locky appears to be concentrating its distribution through large-scale spam campaigns of late, regardless of the variants released by its operators/developers.