TrickBot is a banking Trojan that has transformed into one of the most extensive botnets.
Initially, the main function was to steal bank details by redirecting victims to a fake bank account and obtaining credentials entered on a fake web page.
Subsequently, TrickBot operators expanded its capabilities and continued to provide other cybercriminal groups with MaaS-service for accessing infected systems and downloading other malicious computer programs, including Ryuk and Conti ransomware viruses and the Emotet Trojan.
The victims of TrickBot are organizations located mainly in the United States, Great Britain, Australia, New Zealand, Canada and Germany.
Trickbot was first reported in October 2016, shortly after the detention in 2015 of the Russian cybercriminal group «Dyre». TrickBot is developed on the basis of the source code of the malicious computer program Dyre, in connection with which it is believed that its operators are the same persons as the creators of Dyre.