Trickbot Malware Learned to Steal Passwords from Applications and Browsers – Specialists from Trend Micro reported that the well-known Trickbot banking Trojan has acquired new modules and is now stealing even more data.
As a reminder, in March of this year the malware gained locker functionality and learned to avoid detection very effectively. Now its authors have expanded the Trickbot arsenal with the PasswordGrabber module, which is designed to steal passwords from infected machines.
After receiving the new module from the C&C server, Trickbot searches for logins and passwords in Microsoft Outlook, FileZilla and WinSCP, as well as in the Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge browsers. The malware also goes after browser history, cookies, autofill information, and so on.
The researchers emphasize that this version of Trickbot is not able to steal passwords from third-party password managers. Experts are still studying the new version of the malware and trying to determine whether the same applies to password extensions and browser plugins.
Trend Micro analysts write that the new Trickbot is also able to register itself to start automatically with Windows, which allows the malware to persist on the system and restart after each shutdown or reboot. Since last fall, Trickbot has also had a self-propagation mechanism similar to those of WannaCry and NotPetya. Combined, these features make the malware extremely dangerous.
Infections with the new version of Trickbot carrying the PasswordGrabber module have already been observed all over the world, with the USA, Canada and the Philippines affected the most.