Security News > 2020 > March > RDP-Capable TrickBot Targets Telecoms Sectors in U.S. and Hong Kong
A recently discovered TrickBot variant targeting telecommunications organizations in the United States and Hong Kong includes a module for remote desktop protocol brute-forcing, Bitdefender reports.
Now, its operators apparently added a new rdpScanDll module to the threat, to brute-force RDP for a specific list of victims.
Discovered on January 30, the new module is downloaded by TrickBot along with a configuration file that contains a list of servers to receive commands from.
Based on received commands, the malware might load a specific plugin, though some modules are loaded automatically when TrickBot starts.
"The new rdpScanDll module may be the latest in a long line of modules that have been used by the TrickBot Trojan, but it's one that stands out because of its use of a highly specific list of IP addresses. While the module seems to be under development, as one attack mode seems broken, newer versions of rdpScanDll will likely fix this and potentially add new ones," Bitdefender concludes.