TrickBot malware has re-emerged, with new variants being released regularly since the takedown attempt last November. Its operators have yet again launched a more persistent version of the malware.
Yesterday vs Today
The last takedown attempt against the Trickbot malware, carried out by law enforcement in tandem with security vendors, gave the digital world only short-term relief. It seems the malware's operators have since regrouped and come back stronger.
- Researchers analyzed the components of the new TrickBot version and released a report with a detailed comparison.
- Its developers numbered the latest version 100003; compared with the previous versions 1000512 and 1000513, the numbering has gone backward.
- A modified persistence mechanism and a creative mutex naming algorithm are among the many enhancements in this version.
- Some of its prominent features remain the same, however: the same process hollowing code injection tactic, the same bot configuration scheme (with task name modification given a random twist), and the same compromise checks.
The Trickbot
Through continuous evolution, the Trickbot malware seems to have grown to its full potential.
- In December last year, Trickbot-laden phishing emails were distributed after Subway UK’s marketing system was hacked.
- In the same month, the TrickBot malware was observed with functionality designed to inspect the UEFI/BIOS firmware of targeted devices.
Staying Vigilant
Since its revival, the Trickbot malware has been successfully capturing the limelight. With its operators in full swing, the malware can become the foot in the door for a number of new targeted attacks, or worse. Our internal experts advise individuals and organizations to treat vigilance as a high priority in order to avoid the dangers posed by Trickbot.
To read more, please check eScan Blog