TrickBot malware is using fake Dropbox emails as its distribution campaign, security researchers have recently reported. You might recall that TrickBot emerged in 2016 as a banking Trojan. It was in the news for targeting several banking companies and banking customers, including the online payment giant PayPal. The developers of this malware often use many deceptive channels to reach potential victims.
Recently, a team of malware researchers discovered a new malspam campaign, presented as coming from the official Dropbox site, that delivers the TrickBot malware. It is nothing more than a hoax that mimics legitimate Dropbox to trick more and more system users into downloading and installing malware on Windows machines. If the system user falls for the trick and clicks on the dubious link, the TrickBot payload is delivered from the Dropbox instead of the secure document.
Updated TrickBot Malware Contains Screenlocker Component
Along with the new malspam campaign, malware researchers spotted an updated version of TrickBot on March 15th, 2018. The new version contains a screenlocker element that targets employees of organizations who use online banking while at work. Initially, this malware dropped a few modules onto the victim's PC, which were designed for several functions. Primarily, it is known as banking malware; secondly, it is used to spread numerous other malware from infected machines. The latest spam email campaign, which imitated Dropbox, is known as tabDll32.dll or tabDll64.dll. Besides these, the new spam campaign also carries other files such as Spreader_x86.dll, SsExecutor_x86.exe and ScreenLocker_x86.dll.
TrickBot Malware To Be Evolved As Full-Fledged Ransomware
Lab tests revealed that the latest variant of TrickBot is designed to start its modules one after another, trigger the screen locker and spread across the entire network. According to the researchers, the sole intention of the updated TrickBot malware is to provide screenlocker functionality and become a full-blown ransomware virus. It allows hackers to lock the victim's files and demand a ransom fee in exchange for the decryption key.