Trickbot Appears to Target OpenSSH and OpenVPN Data in Upgraded Password-Grabbing Module


Trickbot first arrived on the scene in 2016, its initial iteration being a banking trojan that infected computers to steal email passwords and address books to spread malicious emails from compromised accounts. A few years and multiple transformations later, what was a simple banking trojan has since mutated into a constantly evolving malware family that includes information theft, vulnerability exploitation, and rapid propagation among its capabilities.

One of the more notable functions of Trickbot is a password-grabbing module (pwgrab) Trend Micro researchers found last year, with the initial version of the module designed to steal credentials from various applications and web browsers. In February, they found that the malware’s authors had launched a variant with an upgraded password module, allowing it to retrieve credentials from remote networking tools such as Virtual Network Computing (VNC), PuTTY, and Remote Desktop Protocol (RDP) platforms.

Source: Trend Micro