Trickbot is a banking trojan that was first reported on in 2016. It is an advanced and persistent modular Trojan that's primary function is to steal users banking credentials via dynamic and static web injection attacks and recently - digital wallets containing Bitcoin. Trickbot is distributed via a MalSpam campaign that contains a malicious download link or an attached, macro-enabled, Word or Excel documents. Once the user opens the document, the malware will infect the computer and begin spreading across the network. Once infected Trickbot can maintain persistence and move laterally across a network thanks to its worm-like modules.
Trickbot focuses on targeting financial institutions in Europe and the United States but has also been seen targeting other industries.