Articles TrickBot is back with a new user tracking module

TrickBot is back with a new user tracking module

-

Despite attempts to disable the infrastructure of the TrickBot botnet, there are no signs that the malware will go away any time soon.

Bitdefender cybersecurity researchers have unveiled the ongoing resurgence of TrickBot malware, making it clear that the cybercriminals behind it are constantly working to improve their infrastructure.

“These new capabilities are being used to monitor and collect information from victims using a custom communication protocol to obscure communications between [C&C] servers and victims, making it difficult to detect attacks,” the researchers said.

Despite attempts by Microsoft and the US Cyber ​​Command to shut down the infrastructure of the TrickBot botnet, experts say there is no sign that the malware will go away any time soon. On the contrary, its operators continue to improve the program. For example, the malware has received new components that allow hackers to inject backdoors into the Unified Extensible Firmware Interface (UEFI), avoid detection by antivirus solutions, receive updates, and even uninstall and reinstall the operating system.

According to Bitdefender, attackers are currently actively developing an updated version of a module called “vncDll” that is used in TrickBot attacks against selected targets for monitoring and gathering intelligence.

The new module is designed to communicate with one of the nine C&C servers specified in its configuration file. The malware receives a set of commands from this C&C server, downloads additional malware and transfers data collected from the compromised machine to it.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you