TrickBot now crashes researchers' browsers to block malware analysis
The latest variants of the notorious TrickBot malware have received new features that make them more challenging to research, analyze, and detect, including crashing browser tabs when beautified scripts are detected.
TrickBot has dominated the malware threat landscape since 2016, constantly adding optimizations and improvements while facilitating the deployment of damaging malware and ransomware strains.
Obfuscation is expected in the malware world, but TrickBot features many layers and redundant parts that make analysis slow and cumbersome and often lead to inconclusive results.
Finally, TrickBot features an anti-debugging script in the JS code, which helps it anticipate when it is being analyzed and triggers a memory overload that crashes the page.
If beautified code is found, TrickBot now crashes the browser to prevent further analysis of the injected script.
TrickBot usually arrives on the target system through phishing emails that include a malicious attachment that executes macros to download and install malware.