TrickBot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies

article / Sept 14, 2017 (MODIFIED: Oct 17, 2017)

by Sara Boddy, Jesse Smith, Doron Voolf

TrickBot kicked into high gear coming into August with the most targeted URLs since its launch. It released a new worm module, shifted its focus towards the US, and soared past the one thousand target URL mark in a single configuration.

TrickBot Focuses on Wealth Management Services from its Dyre Core

article / Jul 27, 2017 (MODIFIED: Sept 01, 2017)

by Sara Boddy, Jesse Smith, Doron Voolf

As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.

TrickBot Expands Global Targets Beyond Banks and Payment Processors to CRMs

blog / Jun 15, 2017 (MODIFIED: Aug 01, 2017)

by Sara Boddy, Jesse Smith, Doron Voolf

TrickBot shows no signs of slowing down as new targets are added and command and control servers hide within web hosting providers’ networks.

Ramnit's Twist: A Disappearing Configuration

blog / Feb 17, 2017 (MODIFIED: Jul 06, 2017)

by Anna Dorfman

The Ramnit banking Trojan continues to evolve, this time with the intent of making the malware harder to detect.

Web Injection Threats: The Cost of Community Engagement on Your Site

article / Jul 22, 2016 (MODIFIED: Jul 06, 2017)

by Sara Boddy

Customer engagement drives web application design, but user-generated content brings inherent security challenges.

Webinject Crafting Goes Professional: Gozi Sharing Tinba Webinjects

blog / May 26, 2016 (MODIFIED: Jul 06, 2017)

by Doron Voolf

Webinject crafting is a separate profession now. Hackers write webinjects and sell them to fraudsters, who use them to weaponize Trojans.

Webinject Analysis: Newsidran.com

report / Dec 12, 2015 (MODIFIED: Jul 06, 2017)

by Elman Reyes

Webinject attacks modify webpages to allow fraudsters to collect credentials, or act more directly against user accounts.

stay up to date

Get the latest application threat intelligence from F5 Labs.

There was an error signing up.
Thank you, your email address has been signed up.

Follow us on social media.