The Necurs botnet has begun delivering the Trickbot banking Trojan to financial institutions in the United States, a sign of increasingly larger and more complex attacks on the industry.
Trickbot, which specifically threatens businesses in the financial sector, has been behind man-in-the-browser (MitB) attacks since 2016. Until now, its webinject configuration was only used to hit organizations outside the US.
Researchers at Flashpoint discovered a new Trickbot spam campaign, called “mac1” on July 17.