Security News > 2020 > November > LightBot: TrickBot’s new reconnaissance malware for high-value targets

LightBot: TrickBot’s new reconnaissance malware for high-value targets
2020-11-20 15:19

The notorious TrickBot has gang has released a new lightweight reconnaissance tool used to scope out an infected victim's network for high-value targets.

Over the past week, security researchers began to see a phishing campaign normally used to distribute TrickBot's BazarLoader malware switch to installing a new malicious PowerShell script.

Dubbed LightBot by Advanced Intel's Vitali Kremez, this PowerShell script is a lightweight reconnaissance tool that gathers information about a victim's network to determine if they are high-value and should be targeted in further attacks.

"The new TrickBot group"LightBot" is a PowerShell reconnaissance script used by the same group linked to the high-level ransomware and breach incidents involving Universal Health Service.

LightBot is focused on reconnaissance for high-value targets via network and active directory.


News URL

https://www.bleepingcomputer.com/news/security/lightbot-trickbot-s-new-reconnaissance-malware-for-high-value-targets/