Security News > 2020 > March > TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal

TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal
2020-03-18 17:22

The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol accounts.

TrickBot is a malware strain that has been around since 2016, starting life as a banking trojan.

"The TrickBot executable will download the plugin and its configuration file from one of the available online command-and-control servers, containing a list of servers with whom the plugin will communicate to retrieve commands to be executed," according to BitDefender, writing in a posting on Wednesday.

In terms of attack methods, the check mode should check for RDP connection on the list of targets.

"The new rdpScanDll module may be the latest in a long line of modules that have been used by the TrickBot trojan, but it's one that stands out because of its use of a highly specific list of IP addresses," according to the analysis.


News URL

https://threatpost.com/trickbot-trojan-rdp-brute-forcing/153915/?utm_source=rss&utm_medium=rss&utm_campaign=trickbot-trojan-rdp-brute-forcing