Six IT security players – Microsoft, FS-ISAC, ESET, Lumen, NTT, Symantec – have coordinated to dismantle Trickbot. It was one of the biggest botnets around, with over a million zombie machines. These experts spent months collecting and analyzing more than 125,000 copies of this malware, in order to map the underlying server infrastructure and contact the hosts involved.
Trickbot appeared in 2016 as a banking Trojan, before becoming a modular botnet made available to other cybercriminals, who could rely on it to distribute their own malware: espionage, ransomware … It operated around the world and targeted both businesses and individuals.
This malware often arrived via an email with a booby-trapped Excel document attached. The pretext was generally a fake delivery, a fake receipt or a fake declaration to be made. If the user clicked on it, a macro downloaded the malicious code, which then began to explore the infiltrated PC or network.