Security News > 2022 > January > TrickBot now crashes researchers' browsers to block malware analysis
The notorious TrickBot malware has received new features that make it more challenging to research, analyze, and detect in the latest variants, including crashing browser tabs when it detects beautified scripts.
TrickBot has dominated the malware threat landscape since 2016, constantly adding optimizations and improvements while facilitating the deployment of damaging malware and ransomware strains.
Obfuscation is expected in the malware world, but TrickBot features many layers and redundant parts to make analysis slow, cumbersome, and often produce inconclusive results.
Finally, TrickBot features an anti-debugging script in the JS code, which helps it anticipate when it is being analyzed and triggers a memory overload that crashes the page.
If beautified code is found, TrickBot now crashes the browser to prevent further analysis of the injected script.
TrickBot usually arrives on the target system through phishing emails that include a malicious attachment that executes macros to download and install malware.