Analyzing TrickBot, a banking malware for Windows

Although malware attacks have certainly changed in recent years, a large share of them are still used to steal victims' banking credentials.

In recent months ransomware attacks have become very popular, since the profit attackers can obtain is usually greater than what they get from malware focused solely on stealing banking information. The risk is also lower: actually using stolen credentials to withdraw money exposes the attacker far more, except in cases where the stolen credentials are simply sold on the 'deep web'.

Beyond the risks to attackers, technology has also advanced in recent years, and users now have two-factor authentication, whether by SMS, biometric data or some other mechanism. These mechanisms are designed to hinder the use of stolen credentials by verifying that it really is the user who is trying to log in or make a transaction.

That is why ransomware (file-hijacking) attacks have become so popular. Besides carrying fewer risks and problems when it comes to cashing in, they are also easier to execute. As we will see, the complexity of banking malware for Windows is very high compared to the ease of developing ransomware.

We are going to examine the operation of one of the most popular banking malware families: 'TrickBot'. As the graph below shows, on average 200 samples of this banking Trojan are analyzed on VirusTotal every hour.

The techniques used by this banking malware are also commonly used by other banking Trojans to steal login credentials, not only for bank accounts but also for other services of interest, such as Amazon.

If you are interested in reading the full malware analysis, you can download it.


Analyzing TrickBot, one of the most popular banking malware families for Windows

Although malware for mobile devices has gained popularity in recent years with the rise of smartphones, from which almost anything can be managed today, desktop malware is still very much present.

Moreover, as threat detection improves, it is the malware developers who evolve in turn, adding increasingly complex functionality to achieve their objective of stealing banking credentials.


Posted by David García

In his more than 9-year professional career, he has been involved in multiple projects, the most important being in the fields of managed security, anti-fraud and ethical hacking services, and malware analysis. He has contributed his know-how and security-related improvements to a wide variety of fraud and vulnerability analysis products. He currently oversees the smooth running of our different products and researches current fraud developments in order to showcase buguroo overseas as well as providing the development department with feedback on the latest malware and cybercriminal trends.



buguroo's cloud-based fraud detection delivers a straightforward solution for detecting and stopping today's and tomorrow's malware threats. Banks and their customers can be protected from one of the most malicious threats in use by cybercriminals.

