Security News > 2021 > July > Trickbot Malware Rebounds with Virtual-Desktop Espionage Module

The Trickbot trojan is in resurgence mode, with its operators filling out infrastructure globally and releasing an updated version of its "VncDll" module, used for monitoring and intelligence gathering, researchers said.

Trickbot's VNC Module Set-Up. The latest version of the spy module makes use of virtual network computing: hence its name, vncDll.

Any other command, which will prompt the module to create a new desktop that is fully controlled by the module and contains a custom interface for the attackers.

If the module isn't able to create the alternative desktop, it closes the connection.

"The alternate desktop is created and fully controlled by the module, copying the icons from the desktop, creating a custom taskbar for managing its processes and creating a custom right click menu, containing custom functionality," according to Bitdefender.

In the normal operation mode, the module first sends screenshots of the alternative desktop and any clipboard data to the C2, which the attackers use to generate window messages that carry out various actions on the virtual desktop, according to the analysis.

News URL

https://threatpost.com/trickbot-malware-virtual-desktop-espionage/167789/