TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions
2020-12-03 18:58

According to collaborative research from Advanced Intelligence and Eclypsium, the additional TrickBot functionality, which they call "TrickBoot," checks devices for known vulnerabilities that can allow attackers to read, write or erase the UEFI/BIOS firmware of a device.

In October, a rare firmware bootkit was spotted being used to target diplomats and members of non-governmental organizations from Africa, Asia and Europe.

Users infected with the TrickBot trojan will see their device become part of a botnet that attackers use to load second-stage malware; researchers called it an "ideal dropper for almost any additional malware payload."

"We have now cut off key infrastructure so those operating TrickBot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems."

AdvIntel researchers first discovered the new function when they ran across the name "PermaDll" in a TrickBot attack chain that emerged in October.


News URL

https://threatpost.com/trickbot-returns-bootkit-functions/161873/