A new data-stealing module in a recent sample of TrickBot triggers browser-based fraud alerts for Trickbot victims. This is bad news for TrickBot operators, who use the malware to set up backdoors on target machines. The newly discovered grabber module uses several internal C++ code references, such as grabchrome.cpp, which align with the usual TrickBot grabber code patterns and functions. It appears that its triggering of browser alerts is a coding mistake.
Source: https://threatpost.com/trickbot-sample-accidentally-warns-victims/157390/