Trickbot first came to light in October 2016 after it hit financial institutions across Asia and Australia, later evolving to target the UK, Germany and Canada.
It launches "redirection" cyberattacks via spam emails in order to send victims to a booby-trapped websites posing as the legitimate banking services.
Targeted individuals – if duped – enter their usernames and passwords into the fake websites which, in reality, send their credentials straight to the criminals.
In its research, IBM said Trickbot has spread quickly to dozens of countries and language zones.
At current count, experts found that it is targeting banks in more than 40 countries spanning Asia, Europe, North America, South America, Australia and New Zealand.
"The TrickBot Trojan is an evolving malware project that appears to have funding and alliances in the cybercrime arena," Kessem wrote in a blog post.
"Its targets are mostly business banking, wealth management and private banking services, which means that the malware's operators are after corporate money and hefty illicit profits. This gang is [...] organised, international and unlikely to disappear anytime soon."
Previously, a version of the Trojan was spotted with worm-like capabilities by Flashpoint, a cybersecurity firm. It was designed to spread in the same fashion as "WannaCry" and "NotPetya", two ransomware strains which both caused global chaos earlier this year.
That hasn't happened yet, but that doesn't mean the Trojan is not a threat, IBM said.
In September this year, the company said a botnet called "Necurs" - which spread the malware globally - helped to spew out more than 40 million emails containing Trickbot.
The research also suggested that the cybercriminals behind the attacks have been "experimenting with other ideas," These include serving up the Trojan directly from fake banking websites and using new types of malicious code to illicitly mine cryptocurrency from victims' machines.
The identities of those behind the scheme remain a mystery.
A timeline of Trickbot’s global spreadIBM X-Force “Harvey Weinstein is just a man being a man