In the world of malicious software, banking Trojans are nothing new. In fact, this type of malware has been around for as long as most people can remember. What is rather peculiar is how the TrickBot banking Trojan no longer just targets banking portals, but also the Coinbase exchange.
According to a recent version spotted in a distribution campaign by cybersecurity firm Forcepoint on August 29, the TrickBot banking trojan has added support for stealing funds stored in Coinbase.com accounts, the currency exchange site that operates exchanges between Bitcoin, Litecoin, and Ethereum to name a few. Though it seemingly cannot bypass 2FA on its own.
That is pretty disconcerting news for Bitcoin users who rely on this platform. It also shows cryptocurrency is attracting more interest from cybercriminals than ever before. Users of this exchange platform need to be extra wary when dealing with new types of software and conduct regular malware scans to keep their information safe.
The cybersecurity firm has also pointed out that they have captured, “8,600 related emails…with the UK, Canada, and France as the top three targets.”
The TrickBot banking trojan appeared in the autumn of 2016 and most experts believe it was developed by some of the developers who worked on the now defunct Dyre banking trojan, some of whose operators were arrested in late 2015 in Russia.
The involvement of malware coders with serious expertise was obvious from the beginning, as TrickBot was a well put together malware strain that featured many advanced features right from the get-go.
Every single time this malware makes headlines, it is because the project becomes even more versatile than it was before.
Following the analysis of said 8600 emails, Forcepoint noted an addition to their list of targets: Coinbase.com., is now a principal objective for the malware.