TrickBot Banking Trojan Now Targets Coinbase Users

In the world of malicious software, banking Trojans are nothing new. In fact, this type of malware has been around for as long as most people can remember. What is rather peculiar is how the TrickBot banking Trojan no longer just targets banking portals, but also the Coinbase exchange. That is pretty disconcerting news for Bitcoin users who rely on this platform. It also shows cryptocurrency is attracting more interest from cybercriminals than ever before.

TrickBot Trojan Learns a New Trick

We have documented the TrickBot malware on more than one occasion. Every single time this malware makes headlines, it is because the project becomes even more versatile than it was before. The latest update should worry users of the Coinbase cryptocurrency exchange. TrickBot is now capable of stealing money from Coinbase accounts, although it seemingly cannot bypass 2FA on its own. Users of this exchange platform need to be extra wary when dealing with new types of software and conduct regular malware scans to keep their information safe.

TrickBot has been around since late 2016, so it is not entirely surprising its developers have added more functionality. Whereas most banking Trojans lose traction after a few weeks, TrickBot has proven to be rather persistent. It is still unclear who initially developed this tool, although security experts believe the Dyre banking Trojan team may be responsible for TrickBot. That has never been officially confirmed, though.

Malware coders are paying more attention to cryptocurrency now than ever before. Although ransomware has been a cryptocurrency-related threat for some time now, we have seen other types of malware emerge in recent months. The number of malicious cryptocurrency miners packaged as legitimate software is most definitely on the rise as we speak. A lot of these mining tools have also shifted their attention from Bitcoin to Monero, which is a pretty interesting development on its own.

Now that TrickBot is trying to steal funds from Coinbase accounts, things have taken yet another turn for the worse. The banking Trojan’s previous major update allowed it to steal funds from PayPal accounts, which was considered to be one of the more shocking developments. Targeting Coinbase makes a lot of sense for the developers of TrickBot, as the increasing value of cryptocurrency can result in an even bigger payday. Notably, this banking Trojan is far less invasive than ransomware.

TrickBot will overlay a fake login page when users visit the Coinbase website. Since this overlay looks exactly like the original, users will still be able to access their accounts after the redirect is completed. At the same time, the TrickBot developers will have gained access to one’s login credentials. Users who add 2FA security to their accounts should remain safe from harm, though, as by the looks of things the criminals do not access accounts directly while one is logged in. They do not control your computer, after all.

It is unclear if Coinbase users have already been affected by the TrickBot malware. Considering how the banking Trojan can evade detection by security software with relative ease, it is certainly possible we will see some account thefts taking place in the coming months. Now would be a good time to enable two-factor authentication on your Coinbase account if you have not already done so. Keeping your funds safe should be the number one priority at all times. That also means enabling less convenient security layers, just in case malware like TrickBot attempts to steal your money.