The TrickBot malware is one of the more prolific banking Trojans in the wild today and, according to a SentinelOne report, is still being continuously developed. The report analyzes how TrickBot hooks web browser functions to inject itself so that it can perform web injections and grab form content. TrickBot targets four browser processes (chrome.exe, firefox.exe, iexplore.exe and microsoftedgecp.exe) and an associated process, runtimebroker.exe. The payload is injected using the “ReflectiveLoader” method, and TrickBot also makes changes to the browser’s security posture.
Exposure of sensitive information