EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Behavioral Analysis of Trickbot Banking Trojan with its New Tricks

Ruveyda Celik and Ali Gezer
Additional contact information
Ruveyda Celik: Kayseri University, Kayseri, Turkey
Ali Gezer: Kayseri University, Vocational College, Kayseri, Turkey

International Journal of Technology and Engineering Studies, 2019, vol. 5, issue 3, 95-105

Abstract: Trickbot is a banking trojan designed to steal users private information. Trickbot trojan first appeared in late October 2016 and targeted banks in Australia. Later, it has targeted many other countries financial institutions, banks and credit card providers. As of April 2017, there have been attacks on leading banks in the UK, US, Switzerland, Germany, Canada, New Zealand, France, Ireland. However, in late 2017, the use of encryption techniques in Trickbot became very popular. Later on, Trickbot launched some updates into its malware code. Due to these updates, Trickbot has been constantly evolving and gaining new features. In addition, with added new modules, Trickbot is able to spread itself and infect as many computers as possible. Generally, Trickbot spreads itself with spam e-email campains which includes e-mail attachments that are often hidden as a Microsoft Office document with active macros. When the malicious sample is executed, it downloads some other binaries. In November 2018, Trickbot authors developed a new module for stealing credentials from the most known applications, such as FileZilla, Microsoft Outlook, and WinSCP. From the beginning of January 2019, the latest versions have been available through seasonal themed spam emails, as if they are coming from a major financial advisory firm. In this study, we conducted analyses to reveal Trickbot behaviour while its code is injected into Banking official web sites. We performed static and dynamic analyses using different tools to identify TrickBot-associated streams and detect TrickBot infection. As a result of the analysis, we found out that its authors use web injections to banking websites to steal and access login information. In addition, our analysis revealed that Trickbot targets many international banks in many countries via web injections. We also discovered that Trickbot uses different interfaces and files to replicate itself.

Keywords: Trickbot; web injections; malware analyses; banking trojan (search for similar items in EconPapers)
Date: 2019
References: Add references at CitEc
Citations:

Downloads: (external link)
https://kkgpublications.com/technology-engineering-studies-volume-5-issue-3/ (application/pdf)
https://kkgpublications.com/wp-content/uploads/2020/10/ijtes.5.10004-3.pdf (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:apa:ijtess:2019:p:95-105

DOI: 10.20469/ijtes.5.10004-3

Access Statistics for this article

International Journal of Technology and Engineering Studies is currently edited by PROF.IR.DR.Mohid Jailani Mohd Nor

More articles in International Journal of Technology and Engineering Studies from PROF.IR.DR.Mohid Jailani Mohd Nor Calle Alarcon 66, Sant Adrian De Besos 08930, Barcelona Spain.
Bibliographic data for series maintained by PROF.IR.DR.Mohid Jailani Mohd Nor ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:apa:ijtess:2019:p:95-105