TrickBot

Name of Malware: TrickBot (Trickster, TheTrick, TrickLoader)

Type of Malware: Backdoor, Bot, Banking Trojan, Dropper, Information Stealer, Spyware, Worm

Affected Operating Systems: Windows

Affected Device Types: PCs, laptops etc.

Impact: high

What is TrickBot?

TrickBot was originally developed as a banking Trojan. It collects financial and transaction data on the infected system and exfiltrates it via the Internet to the attacker. Since its discovery in 2016, however, additional functionality has been added, such as stealing passwords, penetrating networks, and deploying and executing other malware, such as ransomware. To provide the attacker with long-term access, a permanent communication link to the attacker's server is established.

How did I get infected with TrickBot?

The infection often occurs through infected MS Office documents that are sent via email to the victims (spear phishing). However, TrickBot can also enter the system through other malware, such as Emotet. In addition, vulnerabilities in the system can be exploited for infection. Once a system is infected, the malware can autonomously spread within the local network.

What do I have to do now?

To remove TrickBot, it is recommended to scan the infected system with an antivirus program. Since the infection sometimes comes with additional malware, reinstallation of the operating system may be necessary.

found under Removing infections from PCs, laptops etc.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.