TrickBot Switches to a New Windows 10 UAC Bypass to Evade Detection

The TrickBot trojan has evolved again to bolster its ability to elude detection, this time adding a feature that can bypass Windows 10 User Account Control to deliver malware across multiple workstations and endpoints on a network, researchers have discovered.
Researchers at Morphisec Labs said they discovered code last March that uses the Windows 10 WSReset UAC Bypass to circumvent User Account Control and deliver malware in recent samples of TrickBot, according to a report released last week.
The TrickBot malware is particularly dangerous because it's constantly evolving with new functionality to make it even harder to detect its delivery of malware, Morphisec security researcher Arnold Osipov wrote in the post.
The WSReset UAC Bypass routine first checks whether a system is running Windows 7 or Windows 10, Osipov wrote; the latter is a condition for the malware to use the WSReset UAC Bypass.
Researchers last year also found evidence that the crimeware organization behind TrickBot forged an unprecedented union with North Korean APT group Lazarus through an all-in-one attack framework developed by TrickBot called Anchor Project.
News URL
https://threatpost.com/trickbot-switches-to-a-new-windows-10-uac-bypass-to-evade-detection/152477/