The TrickBot trojan, which primarily targets financial information, has been around for some time, but attackers have added a new and rather persistent feature. The new feature, dubbed “Cookie Grabber”, is a stand-alone virus that has been added to the TrickBot payload. This new module is designed to steal browser cookies from major browsers such as Chrome, Firefox, Internet Explorer, and Microsoft Edge. Cookie Grabber steals the text files stored as cookies that websites use to remember login credentials, website preferences, personalized content, and internet traffic activity. Cookie Grabber is a complete stand-alone product that can be controlled independently by the malware operators. These autonomous modules allow for finer control and enable additional flexibility in customizing the malware's capabilities. What makes this persistent is that if the TrickBot trojan is removed, Cookie Grabber could still be running if it was missed.