The TrickBot trojan, which is primarily aimed at financial information, has been around for some time but attackers have added a new and rather persistent feature. The new feature, dubbed “Cookie Grabber”, is a stand-alone virus that has been added to the TrickBot payload. This new module is designed to steal browser cookies in major browsers such as Chrome, Firefox, Internet Explorer, and Microsoft Edge. Cookie Grabber steals the text files stored as cookies that websites use to remember login credentials, website preferences, personalized content, and internet traffic activity. Cookie Grabber a complete stand-alone product that can be controlled independently by the malware operators. These autonomous modules allow for finer control and enable additional flexibility in the customization of the malware capabilities. What makes these persistent is that if the TrickBot trojan is removed, Cookie Grabber could still be working if it was missed.
Analyst Notes
If TrickBot is found on a user’s system then it should be removed with a strong antivirus program. Even if it is removed, the scanner should be ran a second time to verify any and all components are removed. Making sure that the user’s antivirus is up-to-date is also advised so that the program has the newest protocols possible.