TrickBot Made Its Comeback with Malware Attacks and Fresh Phishing
TrickBot was developed in 2016 as a banking Trojan and has evolved considerably since then. It has become one of the most popular forms of malware among cybercriminals, mainly because of its modular nature, which lets its operators use it for a wide variety of attacks.
In 2020 it was a major vector for spreading ransomware and was also the most popular malware using COVID-19 lures. The malware was so prolific that in October 2020 Microsoft, together with its partners, decided to take down the infamous TrickBot. They obtained a court order for this and brought down infrastructure that the attackers used to spread the malware and send commands to infected endpoints. Despite that takedown attempt in October 2020, TrickBot has made a comeback. Its operators regularly release newer, enhanced versions, and recently a more persistent strain of the malware has appeared.
Symptoms after infection
The endpoint user typically perceives no change at all, which is what makes this malware more dangerous and infected systems more vulnerable. A network administrator is more likely to notice the infection, mostly through changes in traffic patterns.
Type of infection
TrickBot focuses mainly on attacking banks and stealing their sensitive information. It can steal login credentials and spread further through the network. TrickBot has matured to its full potential and is still evolving.
- Subway UK's marketing system was compromised in December 2020 to send phishing emails carrying TrickBot (TrickBot v100).
- In the same month, TrickBot was also seen with functionality designed specifically to inspect the BIOS/UEFI firmware of targeted devices.
Comparison of the newer version with the older one
The 2020 takedown attempt by law enforcement and security vendors gave some respite until the newer version made its appearance.
- Researchers at IBM Trusteer have inspected the components of the latest version of TrickBot and have published reports with detailed comparisons against earlier versions.
- Its developers numbered the latest version 100003, whereas the older versions were numbered 1000513 and 1000512, so the new build has effectively been numbered backward.
- The latest version contains various modifications, including a new persistence mechanism and a novel mutex naming algorithm.
However, the infection process is largely unchanged: it still involves the configuration scheme, the process-hollowing code-injection tactic, the modified scheduled task name, and checks for an already compromised host.
With its comeback, TrickBot is once again drawing attention, so now is the time for heightened vigilance.