TrickBot is adding man-in-the-browser capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said. TrickBot has added support for Zeus-style webinject configs an additional way to dynamically inject malicious code into target banking-site destinations. The updated module is being pushed out to real victims under the name injectDll, which has replaced the old functionality, researchers found. After focusing almost exclusively on delivering ransomware for the past year, the code changes could indicate that TrickBot s operators are getting back into the bank-fraud game.
Source: https://threatpost.com/trickbot-banking-trojan-module/167521/