The banking trojan is consistently evolving in hopes of boosting its efficacy.
The banking trojan known as Trickbot has resurfaced, with an updated info-stealing module that allows it to harvest remote desktop application credentials.
According to Trend Micro’s Noel Anthony Llimos and Carl Maverick Pascual, a new variant has recently come on the scene, and is being spread via seasonally-themed spam emails that use tax-incentive lures purporting to be from Deloitte. The emails promise help for getting the most out of this year’s changes to the U.S. tax code. Yet attached is a macro-enabled Microsoft Excel spreadsheet, which once activated, will download Trickbot to the victim’s computer.