Author
Listed:
- Ruveyda Celik
(Kayseri University, Kayseri, Turkey)
- Ali Gezer
(Kayseri University, Vocational College, Kayseri, Turkey)
Abstract
Trickbot is a banking trojan designed to steal users private information. Trickbot trojan first appeared in late October 2016 and targeted banks in Australia. Later, it has targeted many other countries financial institutions, banks and credit card providers. As of April 2017, there have been attacks on leading banks in the UK, US, Switzerland, Germany, Canada, New Zealand, France, Ireland. However, in late 2017, the use of encryption techniques in Trickbot became very popular. Later on, Trickbot launched some updates into its malware code. Due to these updates, Trickbot has been constantly evolving and gaining new features. In addition, with added new modules, Trickbot is able to spread itself and infect as many computers as possible. Generally, Trickbot spreads itself with spam e-email campains which includes e-mail attachments that are often hidden as a Microsoft Office document with active macros. When the malicious sample is executed, it downloads some other binaries. In November 2018, Trickbot authors developed a new module for stealing credentials from the most known applications, such as FileZilla, Microsoft Outlook, and WinSCP. From the beginning of January 2019, the latest versions have been available through seasonal themed spam emails, as if they are coming from a major financial advisory firm. In this study, we conducted analyses to reveal Trickbot behaviour while its code is injected into Banking official web sites. We performed static and dynamic analyses using different tools to identify TrickBot-associated streams and detect TrickBot infection. As a result of the analysis, we found out that its authors use web injections to banking websites to steal and access login information. In addition, our analysis revealed that Trickbot targets many international banks in many countries via web injections. We also discovered that Trickbot uses different interfaces and files to replicate itself.
Suggested Citation
Ruveyda Celik & Ali Gezer, 2019.
"Behavioral Analysis of Trickbot Banking Trojan with its New Tricks,"
International Journal of Technology and Engineering Studies, PROF.IR.DR.Mohid Jailani Mohd Nor, vol. 5(3), pages 95-105.
Handle:
RePEc:apa:ijtess:2019:p:95-105
DOI: 10.20469/ijtes.5.10004-3
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:apa:ijtess:2019:p:95-105. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: PROF.IR.DR.Mohid Jailani Mohd Nor (email available below). General contact details of provider: https://kkgpublications.com/technology/ .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.
Printed from https://ideas.repec.org/a/apa/ijtess/2019p95-105.html
