The Holy Trinity of Banking Trojans – 2017 Edition

The Harry Potter universe has Harry, Ron, and Hermione and the Marvel Cinematic Universe has the trinity of Chrises (Evans, Hemsworth, and Pratt). Jeremy Renner (who once worked as a makeup artist) suggests women to focus on three things: brows, lashes, and lips. I categorized different families of malware in a similar fashion.

I was thinking about this the other day when I noticed that my team and I had seen the Smoke Loader (aka Sharik) malware deliver three types of banking trojans within two weeks. While it’s not that amazing or interesting, I’m getting the feeling that 2017 will the year where banking trojans will make another return to the threat landscape as it did in 2015 with Dyre, Dridex, and Neverquest or more notably in 2013 with GameOver Zeus.

Behold: The Bad and Bougee Banking Trojan Trinity!trojans1

As can be inferred from the amazing chart that I have drawn, these three families of malware are some of the more common banking trojans seen in malware delivered by emails. Dridex is at the top and has been the most active malware for the longest duration. TrickBot is a malware that shows similarities to the infamous Drye banking trojan which kind of disappeared around November 2015. Lastly is the ZLoader malware that replaced the Vawtrak malware after the arrest of the malware authors. I tend to see these malware families quite often and I have reason to believe these three banking trojans to be the Plastics of 2017.

And because it would be fun…

  • Dridex = Regina George
  • ZLoader = Gretchen Weiners
  • TrickBot = Karen Smith



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s