After many months of testing, the new banking Trojan called TrickBot began to take effect attacks to UK and Australian personal and business bank account holders.
TrickBot is reportedly fully functional and deploys two advanced browser manipulation techniques (server-side injections and redirection attacks) to compromise banking sessions.
Its effectiveness was tested for the first time by its creators last month, and in November it was released with two new synthetics in its malicious software. One is targeted at customers from four banks in the United Kingdom with redirection attacks, and the other beats bank account holders in Australian banks using server-side injections.
Users of financial institutions in New Zealand, Germany and Canada are also targets of TrickBot but to a lesser extent, to date at least.
Malware distribution options by its creators show a preference for business bank accounts.
"They send spam malware to companies in waves," said IBM security consultant Limor Kessem. They have also tried the Rig exploit kit.
The researchers report that TrickBot has similarities to the Cutwail botnet malware and uses the same crypter as Vawtrak, Pushdo and Cutwail.
TrickBot is ready to become the next big threat, and a serious contender in the banking malware market.