IBM X-Force data indicated that Trickbot banking Trojan is undergoing code modifications and global attacks are increasingly targeting Japan ahead of the 2020 holidays. IBM reported that Trickbot is currently the most active and widely used baking Trojan. In August, Trickbot was modified to target mobile devices and is the primary payload in attacks conducted against healthcare firms, which have skyrocketed over the past year. Trickbot has most frequently appeared in attacks against Western and English-speaking companies, but recently began hitting Japanese banks. IBM X-Force urges Japanese consumers to be wary of Trickbot on e-commerce sites when shopping during this time.
Campaigns on Japanese entities have been using malicious spam by the Emotet botnet to drop Trickbot onto devices that have been targeted, and Web injections have been used on banking websites that ultimately lead to bank fraud. Trickbot can trick victims into sharing personally identifiable data, often through e-commerce check out functions. Although Trickbot’s appearance in Japan concerns many security researchers, they warn of a greater risk: Trickbot attacks turning into Ryuk ransomware.