[1] TrickBot's major function was originally the theft of banking details and other credentials, but its operators have extended its capabilities to create a complete modular malware ecosystem.
It is propagated by methods including executable programs, batch files, email phishing, Google Docs, and fake sexual harassment claims.
[4] In 2021, IBM researchers reported that TrickBot had been enhanced with features such as a creative mutex naming algorithm and an updated persistence mechanism.
[6] Despite the efforts to extinguish TrickBot, the FBI and two other American federal agencies warned on 29 October 2020 that they had "credible information of an increased and imminent cybercrime [ransomware] threat to US hospitals and healthcare providers" as COVID-19 cases were spiking.
[11] From the end of September 2020, the TrickBot botnet was attacked by what is believed to be the Cyber Command branch of the US Department of Defense and several security companies.
The technical effort required is great; as part of the attack, ESET's automatic systems examined more than 125,000 TrickBot samples with over 40,000 configuration files for at least 28 individual plugins used by the malware to steal passwords, modify traffic, or self-propagate.
[12] On 20 October 2020, a security message on the Bleeping Computer website reported that the TrickBot operation was "on the brink of completely shutting down following efforts from an alliance of cybersecurity and hosting providers targeting the botnet's command and control servers", after the relatively ineffective disruptive actions earlier in the month.