Security News > 2020 > March > TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal
The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol accounts.
TrickBot is a malware strain that has been around since 2016, starting life as a banking trojan.
"The TrickBot executable will download the plugin and its configuration file from one of the available online command-and-control servers, containing a list of servers with whom the plugin will communicate to retrieve commands to be executed," according to BitDefender, writing in a posting on Wednesday.
In terms of attack methods, the check mode should check for RDP connection on the list of targets.
"The new rdpScanDll module may be the latest in a long line of modules that have been used by the TrickBot trojan, but it's one that stands out because of its use of a highly specific list of IP addresses," according to the analysis.