TrickBot's bag of tricks

06 June 2017

My name is Bart Parys and I work as a Threat Intelligence Analyst at PwC. I spend a lot of my time focused on researching targeted attacks and advanced persistent threat (APT) actors, but I also research some opportunistic cybercrime, including ransomware and banking trojans.

The banking trojan landscape has been tumultuous over the past years: several cybercriminal groups have been trying to become the next major player as tools and techniques continue to evolve on a vast scale.

Banking trojans, with famous examples including Zeus and Dridex, have continued to improve their means of delivery, code complexity and targeting. Often, a plethora of banks are targeted simultaneously, either in specific regions or, as we’ll unravel in this post today, across a multitude of regions and banks.

The recent increase in the number of challenger banks has also led cybercriminals to add new functionality to their malware to target these new businesses as well. A more recent player in the banking trojan landscape is TrickBot, a modular banking trojan with the capability and resourcefulness to target many potential victims.

Discover more about TrickBot in my report published here, which provides broader information about this particular banking trojan, and why it is important to stay ahead of the latest cybercrime polluting the landscape.

PwC Threat Intelligence subscribers can refer to CTO-TIB-20170510-01A published in May 2017 for further details and the wider context to this activity. Any additional queries or requests can also be made to: and we will be happy to assist.

The full analysis and indicators of compromise can be found here.

Bart Parys
