Security News > 2020 > November > LightBot: TrickBot’s new reconnaissance malware for high-value targets
The notorious TrickBot has gang has released a new lightweight reconnaissance tool used to scope out an infected victim's network for high-value targets.
Over the past week, security researchers began to see a phishing campaign normally used to distribute TrickBot's BazarLoader malware switch to installing a new malicious PowerShell script.
Dubbed LightBot by Advanced Intel's Vitali Kremez, this PowerShell script is a lightweight reconnaissance tool that gathers information about a victim's network to determine if they are high-value and should be targeted in further attacks.
"The new TrickBot group"LightBot" is a PowerShell reconnaissance script used by the same group linked to the high-level ransomware and breach incidents involving Universal Health Service.
LightBot is focused on reconnaissance for high-value targets via network and active directory.