A widely used variant of the TrickBot malware, designed by cybercriminals to steal sensitive information, has been updated with the ability to evade detection by security programs, according to Palo Alto Networks.
A banking Trojan when it first came to light in 2016, TrickBot has since been redesigned by its developer for multiple uses. It can spread like a botnet to gain more victims, using phishing campaigns to deliver malicious attachments that execute it on a Windows system if opened.
It can also act as a backdoor, giving cybercriminals access to deploy other harmful malware onto infected systems. TrickBot also comes with a feature that exploits the EternalBlue vulnerability to move laterally through a network.
A team of researchers from Palo Alto Networks' Unit 42 said that the updated TrickBot malware now uses a module called “nworm”; the cybercriminals have not used the “mworm” module since April 2020. The new module helps the malware erase its traces on a victim’s system by disappearing when the system is rebooted. The malware also uses the “nworm” module to propagate an infection from an infected Windows client to a vulnerable Domain Controller (DC), running from the computer’s RAM.
Using “nworm” means the infection cannot remain active after a reboot, so it does not linger on the system, which helps it evade detection on the infected Domain Controller (DC), as the Palo Alto researchers explained.
What To Expect From The TrickBot Malware?
Gil Kirkpatrick, Semperis’s Chief Architect, stated, “TrickBot remains a significant threat, commanding high-profile reportage recently with its current transformation. Having the ability to target domain controllers (DC) indicates how important it is for individuals and organizations to effectively monitor, manage, and protect your vital platforms.”
The researchers concluded by saying, “Indications are pointing to the fact that TrickBot developers are experimenting further to evolve the malware’s threat scope even after becoming successful with evading detection. Individuals and organizations have been advised to upgrade their security routine, keep their systems and network up to date with periodic patch management to fight off TrickBot attacks.”