Security News > 2020 > January > TrickBot Adds Custom, Stealthy Backdoor to its Arsenal

TrickBot Adds Custom, Stealthy Backdoor to its Arsenal
2020-01-09 11:00

The Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed "PowerTrick," in order to infiltrate high-value targets.

The malware operators send the first command, which is to download the main PowerTrick backdoor.

In addition to Metasploit, the backdoor also calls other pieces of code, which function as backdoors as well.

These include TrickBot's custom Anchor Project DNS variant; and the More eggs JScript backdoor malware, which is sold on the Dark Web as a malware-as-a-service offering.

Using the backdoor as a gateway to yet more backdoors is an effort to stay stealthy, according to SentinelLabs.


News URL

https://threatpost.com/trickbot-custom-stealthy-backdoor/151663/