Thursday, May 23, 2024
HomeCyber CrimeTrickBot Operators Strengthen Obfuscation Game with Layered Security

TrickBot Operators Strengthen Obfuscation Game with Layered Security

To thwart researchers, TrickBot operators are ramping up their operations with more security. Injections used in online banking fraud have been given several more layers of protection.

The added security

IBM Trusteer researchers looked at the most recent TrickBot injections and anti-analysis tactics used to disguise its actions. These techniques can be divided into four categories:

The first is server-side injection delivery, in which the operators inject from their server to make it easier for a downloader or JS loader to obtain the required injection from the server.

Second, they use the JS downloader to communicate with the C2 in a secure manner. It does injections by sending a secure HTTPS request to a C2 server controlled by the attackers.

As a third layer, the attackers employ anti-debugging. TrickBot’s JS code now includes an anti-debugging script. The goal is to anticipate potential researcher behaviours, such as the usage of code beautification techniques. To fail the code beautification, for example, TrickBot uses RegEx functions.

The use of encoding/obfuscation techniques, such as Base64, Minify/Uglify, number base and representing, string extraction and replacement, dead code injection, and Monkey patching, is the fourth.

The Injection Method

For banking fraud, TrickBot employs a number of injections to deceive both users and service providers.

Man-in-the-browser (MiTB) scripts are used by the operators to intercept communication between users and external services (e.g an online banking customer).

In order to intercept the targeted user’s traffic during web sessions, attackers typically use banking trojans in their attacks.

Injections for TrickBot are retrieved either locally from configuration files or in real-time from the inject server.

Furthermore, each bank’s assault strategies are altered to counter the problems that attackers face.


The latest findings demonstrate that TrickBot’s operators are quite adept and inventive when it comes to taking their malware to new heights. They make a concerted effort to keep their actions hidden from security radars. As a result, it is critical for companies and researchers to keep their strategies up to date and make consistent efforts to combat such risks.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us