Light Dark
August 13, 2018 By Shane Schick 2 min read

Trickbot has formed a partnership with another banking Trojan, IcedID, to help distribute each other’s malware more widely — and possibly co-develop new capabilities.

A July 2018 Fortinet investigation into recent attacks using Trickbot showed that it was not only infecting victims’ networks to steal information, but also sending commands via its command and control (C&C) server to download the latest versions of IcedID. IcedID, a banking Trojan that spreads spam via email, was first discovered by IBM X-Force researchers late last year.

Trickbot, meanwhile, has been downloaded by IcedID in other campaigns.

When Two Trojans Are Worse Than One

Cybercriminals were once relatively territorial in how they worked. For instance, one of the first steps a banking Trojan might take upon penetrating an organization’s defenses would be to kill or remove competitive malware. The collaboration between Trickbot and IcedID suggests greater cooperation among groups of hackers who are subjecting victims to several exploits at once.

The researchers also noted that the two bots are now working similarly in some ways. IcedID, for instance, has added file name obfuscations and file content encryption — just like Trickbot. If banking Trojans are serving as a distribution channel for each other, it’s possible they are also giving each other ideas on how to become even more potent as they develop their next variant.

How “Least Privilege” Can Offer Greater Security

Trickbot and IcedID are not alone, and it may be difficult for even the most robust defenses to keep out every banking Trojan. Instead, IBM Security experts suggest expanding the way security teams think about the principle of least privilege.

By making sure employees can only make use of the applications and other resources they need on a daily basis — not just by role but by specific activities — it can make it more difficult for the likes of Trickbot and IcedID to get access to more credentials if they manage to break in.

Segmenting the network into areas where certain data or resources are under more strict control, meanwhile, could mean cybercriminals would have to work even harder to penetrate further and do damage. It might even be easier to spot them when they try to do so.

Source: Fortinet

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature