TrickBot. Rendering of graphs and diagrams ...
  Jan. 19, 2024 ∘ 6 days ago
MaaS Botnet Cybercrime Group Bank Trojan Stealer Loader

TrickBot is a banking Trojan that has transformed into one of the most extensive botnets.

Initially, the main function was to steal bank details by redirecting victims to a fake bank account and obtaining credentials entered on a fake web page.

Subsequently, TrickBot operators expanded its capabilities and continued to provide other cybercriminal groups with MaaS-service for accessing infected systems and downloading other malicious computer programs, including Ryuk and Conti ransomware viruses and the Emotet Trojan.

The victims of TrickBot are organizations located mainly in the United States, Great Britain, Australia, New Zealand, Canada and Germany.

Trickbot was first reported in October 2016, shortly after the detention in 2015 of the Russian cybercriminal group «Dyre». TrickBot is developed on the basis of the source code of the malicious computer program Dyre, in connection with which it is believed that its operators are the same persons as the creators of Dyre.


Activity dynamics 

Malicious infrastructure growth dynamics  

Countries where most part of the malicious infrastructure is located 
Malicious infrastructure map 

Malicious infrastructure rose 

Extensions of captured samples 

March 22, 2022, noon

The king of the botnet world is rapidly restoring his former greatness in cyberspace and is building up an army of infected users' computers around the world