Security News > 2022 > January > TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade
Trojan titan TrickBot has added a striking anti-debugging feature that detects security analysis and crashes researcher browsers before its malicious code can be analyzed.
The new anti-debugging feature was discovered by Security Intelligence analysts with IBM, who reported the emergence of a variety of TrickBot tactics aimed at making the job of security researchers more difficult, including server-side injection delivery and secure communications with the command-and-control server to keep code protected.
Once TrickBot detects the beautifier, it kicks in a memory-overload reaction to crash the researcher's tab.
Further, the researchers found that TrickBot intentionally makes its code "messy," in order to force analysts to use beautifying tools to make sense of it.
"Literal values are changed to real ones, code is divided into chunks, etc. All these efforts are part of code beautifying, and TrickBot expects that from researchers, making it a good place to hold them back."
Other efforts at obfuscating TrickBot code from researchers include moving all strings to an array and encrypting them to hide details about the malware's execution, and using hex representation to make the code hyper-complicated to decipher.
News URL
https://threatpost.com/trickbot-crash-security-researchers-browsers/178046/