The cybergang behind the Trickbot banking trojan appears to have set its sights on Latin American as it continues to expands its list of global targets.
IBX X-Force researchers said the gang has been the most active financial trojan in the wild all summer and that the gang has recently targeted banks in Argentina, Chile, Colombia and Peru, according to an Oct. 11 report.
Researchers said the gang typically only starts with a small amount of activity in a region to test the waters before expanding and targeting more banks to set up redirection attacks. Attacks are delivered to potential victims via emails pushed by the Necurs botnet as part of an ongoing relationship that has been going on since mid-2017.
The botnet has also spread to a large number of other countries in a relatively small amount of time with the malware operating redirection attacks in over 20 countries and targeting banks in over 40 countries spanning Asia, Europe, North America, South America, Australia, New Zealand and the Nordics.
In recent attacks in which a large number of countries appears on the same list researchers found 63 percent of attacks targeted the U.S.; 11 percent; Spain; 10 percent, Australia; six percent, France; four percent, Switzerland Sweden and the U.K., respectively; and 16 percent, other.
Research described Trickbot as an evolving malware project that appears to have funding and alliances in the cybercrime arena and that they expect to see the trojan continue to target banks, organizations and consumers in Q4 2017.