TrickBot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies

article / Sept 14, 2017 (MODIFIED: Oct 17, 2017)

by Sara Boddy, Jesse Smith, Doron Voolf

TrickBot kicked into high gear coming into August with the most targeted URLs since its launch. It released a new worm module, shifted its focus towards the US, and soared past the one thousand target URL mark in a single configuration.

TrickBot Focuses on Wealth Management Services from its Dyre Core

article / Jul 27, 2017 (MODIFIED: Sept 01, 2017)

by Sara Boddy, Jesse Smith, Doron Voolf

As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.

TrickBot Expands Global Targets Beyond Banks and Payment Processors to CRMs

blog / Jun 15, 2017 (MODIFIED: Aug 01, 2017)

by Sara Boddy, Jesse Smith, Doron Voolf

TrickBot shows no signs of slowing down as new targets are added and command and control servers hide within web hosting providers’ networks.

Marcher Gets Close to Users by Targeting Mobile Banking, Android Apps, Social Media, and Email

article / Apr 07, 2017 (MODIFIED: Sept 11, 2017)

by Doron Voolf

Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.

Ramnit's Twist: A Disappearing Configuration

blog / Feb 17, 2017 (MODIFIED: Jul 06, 2017)

by Anna Dorfman

The Ramnit banking Trojan continues to evolve, this time with the intent of making the malware harder to detect.

TrickBot Now Targeting German Banking Group Sparkassen-Finanzgruppe

blog / Dec 01, 2016 (MODIFIED: Jul 06, 2017)

by Shaul Vilkomir-Preisman

TrickBot, the latest arrival to the banking malware scene and successor to the infamous Dyre botnet, is in constant flux.

Malware Targeting Bank Accounts Has a Swapping Pattern

article / Sept 01, 2016 (MODIFIED: Jul 06, 2017)

by Elman Reyes, Doron Voolf

F5 Labs analysts discovered a target pattern in the IBAN number formats as well as weekly changes to the script injection content. In May 2016, the F5 Security Operations Center (SOC) detected a generic form grabber and IBAN (International Bank...

Dridex is Watching You

article / Jun 17, 2016 (MODIFIED: Jul 06, 2017)

by Anna Dorfman

And we're watching Dridex. Here's the latest in this malware's evolution.

Dridex Update: Moving to US Financials with VNC

article / Apr 26, 2016 (MODIFIED: Jul 06, 2017)

by Doron Voolf

Ongoing campaign analysis has revealed that Dridex malware's latest focus has strongly shifted in recent months to US banks.

Dridex BOTnet 220 Campaign: Targeting UK Financials with Webinjects

article / Feb 25, 2016 (MODIFIED: Jul 06, 2017)

by Maxim Zavodchik

Like many other financial Trojans, the notorious Dridex malware keeps evolving and strengthening its presence.

Dyre Update: Moving to Edge and Windows 10 with Anti-Antivirus

blog / Nov 11, 2015 (MODIFIED: Jul 06, 2017)

by Julia Karpin

Dyre malware requires little introduction as it has been the focus of many publications, and it is a well-known threat. One of the reasons for it being so infamous is the frequent changes the authors incorporate in...

VBKlip Banking Trojan Goes Man-In-The-Browser

article / Apr 30, 2015 (MODIFIED: Jul 06, 2017)

by Julia Karpin

VBKlip has evolved significantly from searching for IBAN data in copy-paste functionality to MITB techniques.

Dyre In-Depth: Server-side Webinjects, I2P Evasion, and Sophisticated Encryption

report / Apr 12, 2015 (MODIFIED: Jul 06, 2017)

by Anna Dorfman, Avi Shulman

Dyre is one of the most sophisticated banking malware agents in the wild.

Tinba Malware: Domain Generation Algorithm Means New, Improved, and Persistent

report / Oct 15, 2014 (MODIFIED: Jul 06, 2017)

by Pasel Asinovsky

Tinba, also known as "Tinybanker", "Zusy" and "HµNT€R$", is a banking Trojan.

stay up to date

Get the latest application threat intelligence from F5 Labs.

There was an error signing up.
Thank you, your email address has been signed up.

Follow us on social media.