Saturday, January 16, 00:52
TrickBot: The 100th version of malware with new features has been released!

The TrickBot gang has released the 100th version of the malware, with new features that help it avoid detection. TrickBot is malware that is usually installed through phishing emails or by other malware. Once installed on the target system, TrickBot runs "silently" on the victim's computer while downloading additional modules to perform various tasks.

These modules perform a variety of malicious activities, including stealing a domain's Active Directory Services database, spreading across a network, locking the screen, stealing browser cookies and passwords, and stealing OpenSSH keys.

TrickBot completes an attack by giving access to the hackers behind the Ryuk and Conti ransomware, further aggravating the consequences the victim will face.

Microsoft, in collaboration with other companies, launched a coordinated attack on the TrickBot infrastructure last month, hoping the hacking gang would take some time to recover and return to the threat landscape. However, the gang is still active, as evidenced by the release of the 100th version of the malware.

According to BleepingComputer, the 100th version was discovered by Advanced Intel's Vitali Kremez, who found that the cybercriminals added new features to TrickBot to make it more difficult to detect. With this version, TrickBot now injects its DLL into the legitimate Windows wermgr.exe (Windows Problem Reporting) executable directly from memory, using code from the "MemoryModule" project. MemoryModule is a library that can be used to load a DLL entirely from memory, without first saving it to disk.

According to Kremez, the malware then proceeds to DLL injection, using "Doppel Hollowing", or process doppelganging, to avoid detection by security software.
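One way a defender could triage process telemetry for the wermgr.exe injection described above, as an added example that is not from the article or from Kremez's analysis. The field names follow Sysmon Event IDs 1 and 3; the heuristics, the expected-parent list and every sample event are assumptions constructed for illustration.

```python
# Added example: triage heuristics for wermgr.exe in Sysmon-style events
# (Event ID 1 = process create, 3 = network connection). Heuristics are assumptions.
import ntpath

TARGET = "wermgr.exe"
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXPECTED_PARENTS = {"svchost.exe", "werfault.exe"}  # assumed baseline, tune locally

def check_process_create(ev):
    """Return the reasons a wermgr.exe process-create event looks unusual."""
    image = ev["Image"].lower()
    if ntpath.basename(image) != TARGET:
        return []
    reasons = []
    if ntpath.dirname(image) not in SYSTEM_DIRS:
        reasons.append("image outside system directory")
    if ntpath.basename(ev["ParentImage"].lower()) not in EXPECTED_PARENTS:
        reasons.append("unexpected parent")
    # Assumed heuristic: legitimate launches carry arguments such as -upload.
    if len(ev["CommandLine"].split()) < 2:
        reasons.append("no command-line arguments")
    return reasons

def triage(events):
    """Map ProcessGuid -> reasons; events are assumed to be in time order."""
    findings = {}
    for ev in events:
        if ev["EventID"] == 1:
            reasons = check_process_create(ev)
        elif ev["EventID"] == 3 and ev["ProcessGuid"] in findings:
            # Only escalate network activity from a process already flagged.
            reasons = ["network connection after suspicious start"]
        else:
            reasons = []
        if reasons:
            findings.setdefault(ev["ProcessGuid"], []).extend(reasons)
    return findings

# Constructed sample events (not real telemetry).
W = r"C:\Windows\System32\wermgr.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "A", "Image": W, "CommandLine": W + " -upload",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 1, "ProcessGuid": "B", "Image": W, "CommandLine": W,
     "ParentImage": r"C:\Users\user\AppData\Roaming\sample.exe"},
    {"EventID": 3, "ProcessGuid": "B", "Image": W, "DestinationIp": "203.0.113.10"},
]
```

Because the DLL is loaded from memory, file-based scanning of the injected code has nothing on disk to inspect, which is why this sketch looks at process lineage and behaviour instead.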

It is clear that the TrickBot gang did not allow the attack on, and partial destruction of, its infrastructure to hold it back; instead, it continues to incorporate new features to prevent its malware from being detected. This means that TrickBot may become even more powerful and dangerous in its future attacks. Therefore, individuals and organizations must be prepared and very careful about the emails they open.

Pohackontas