TrickBot returns with new features

The hackers behind TrickBot κυκλοφόρησαν την εκατοστή έκδοση του κακόβουλου λογισμικού,  με πρόσθετες to avoid detection.

TrickBot is usually installed via malicious phishing or other malware. Once installed, TrickBot will run silently on the victim's computer while downloading other modules to perform different tasks.

Αυτές οι λειτουργικές μονάδες εκτελούν ένα ευρύ φάσμα κακόβουλης δραστηριότητας, συμπεριλαμβανομένης της  κλοπής της βάσης δεδομένων Active Directory Services ενός τομέα , της εξάπλωσης τους σε ένα δίκτυο, του κλειδώματος οθόνης, της κλοπής των cookie και των κωδικών πρόσβασης του προτος περιήγησης και της  κλοπής κλειδιών .

TrickBot is known to complete an attack by giving access to the hackers behind ransomware Ryuk and Conti to make matters worse.

New features added to TrickBot v100

After Microsoft and its partners launched a coordinated attack on the TrickBot infrastructure last month, they hoped the hackers would take some time to recover.

Unfortunately, the TrickBot gang is still active, as evidenced by the release of the XNUMXth version of its malware.

This latest version  was discovered  by Vitali Kremez of Advanced Intel, who found that they added new features to make it more difficult to detect.

With this release, TrickBot now injects its own dll into the legitimate Windows executable .exe (Windows Troubleshooting), directly from memory using code from the “MemoryModule” project.

"MemoryModule is a library that can be used to fully load a DLL from memory - without first saving it to disk," she explains. σελίδα of the MemoryModule project on GitHub.

Initially start as an executable file, TrickBot will be inserted into wermgr.exe and then terminate the original TrickBot executable.

According to Kremez, during the "injection" of DLL, he will do it using Doppel Hollowing or he will edit doppelganging , to avoid detection by security software.

Unfortunately, this means that TrickBot is here to stay in the near future and consumers and businesses need to stay alert and be smart with the email attachments that open.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).