Trickbot hit 140.000+ Amazon, Microsoft & Google customers

Check Point Research (CPR) has discovered new and complex details about its development Trickbot.

The well-known banking Trojan steals and exposes the data of its victims, targeting high-profile victims. CPR has registered more than 140.000 Trickbot-infected machines since November 2020, many of which are customers of well-known companies such as Amazon, Microsoft, Google and PayPal. In total, CPR listed 60 companies whose customers have fallen victim to it over the past 14 months.

1 Chart. Companies whose customers are the target of Trickbot



Basic details of implementing Trickbot 

Malware is very selective in the way it chooses its targets

- Various tricks - including anti-analysis and anti-Deobfuscation - applied inside the modules demonstrate the high technical background of its creators

- Its infrastructure can be used by various families of malware to cause more damage to infected computers 

- Sophisticated and flexible malware with more than 20 modules that can be downloaded and run to order

How Trickbot works:

1. Perpetrators receive a database of stolen emails and send malicious documents to selected addresses.

2. The user downloads and opens such a document, allowing macros to be executed during the process

3. The first stage of the malware is executed and the main load of the Trickbot is downloaded.

4. The main load of the Trickbot is executed and it establishes its stay in the infected machine.

5. Trickbot auxiliary modules can be downloaded to the infected machine to order from the threat carriers, the functionality of these modules can vary: it can spread through corrupt corporate network, steal corporate credentials, snatch bank links. λπ.

  USB Flash Security lock the USB with a password


The following is a map of the percentage of organisms affected by Trickbot in each country according to CPR telemetry data:

2 Chart. Percentage of organisms affected by Trickbot (the darker the color - the greater the impact)


The following is a table showing the percentage of organisms affected by Trickbot in each area:


Affected organizations



1 on 45



1 in 30


Latin America

1 in 47



1 in 54



1 in 57


North America

1 in 69


Comment by Alexander Chailytko, Cyber ​​Security, Research & Innovation Manager at Check Point Software Technologies,

"Trickbot's numbers are shocking. We have recorded over 140.000 machines targeting customers of some of the largest and most trusted companies in the world. We continue to observe that the creators of Trickbot have the ability to approach the development of malware from a very low level and to pay attention to small details. Trickbot attacks high-profile victims to steal credentials and give operators access to gateways with sensitive data, where they can do even more damage. At the same time, we know that the operators behind the application also have extensive experience in developing high-level malware. The combination of these two factors is what allows Trickbot to remain a dangerous threat here for more than 5 years. "I urge users to open documents only from trusted sources and use different passwords on different sites on the Internet."

Security Tips 

1. Only open documents that you receive from trusted sources. Do not enable macro execution in documents.

  The toy company Mattel was hit by ransomware

2. Make sure you have the latest operating system and anti-virus updates.

3. Use different passwords on different websites.

Annex - The list of target companies  
Company Field
The Amazon E-commerce
American Express Credit Card Service
AmeriTrade Financial Services
AOL Online service provider
Associated Banc Corp. Bank Holding
BancorpSouth Banking
Bank of Montreal Investment banking
Barclays Bank Delaware Banking Cryptocurrency Financial Services
Canadian Imperial Bank of Commerce Financial Services
Capital One Bank Holding
Card Center Direct Digital Banking
Centennial Bank Bank Holding
Chase Consumer Banking
Citi Financial Services
Citibank Digital Banking
Citizens Financial Group Banking
Coamerica Financial Services
Columbia Bank Banking
Desjardins Group Financial Services
E-Trade Financial Services
Fidelity Financial Services
Fifth Third  Banking
FundsXpress IT service management
Google Technology
GoToMyCard Financial Services
Hawaii USA Federal Credit Union Credit Union
Huntington bancshares Bank Holding
Huntington bank Bank Holding
Interactive Brokers Financial Services
JPMorgan Chase Investment banking
Keybank Banking
LexisNexis data mining
M&T Bank Banking
Microsoft Technology
Federal Navy Credit Union
paypal financial technology
PNC Bank Banking
RBCBank Banking
Robinhood Stock Trading
Royal Bank of Canada Financial Services
Schwab Financial Services
Scotiabank Canada Banking
SunTrust Bank Bank Holding
Synchrony Financial Services
Synovus Financial Services
T. Rowe Price Investment Management
TD Bank Banking
TD Commercial Banking Financial Services
TIAA Insurance
Truist financial Bank Holding
US Bancorp Bank Holding
Unionbank commercial banking
USAA Financial Services
Vanguard Investment Management
Wells Fargo Financial Services
Yahoo Technology
ZoomInfo Software as a service


Registration in via email

Your email for sending each new post

Follow us on Google News at Google news

Leave a reply

Your email address Will not be published.

19 +    = 24

Previous Story

Remington becomes the first weapons company to be held responsible for mass slaughter

Next Story

Proton 7.0 from Valve: More games on Linux