Security News > 2022 > February > Conti ransomware gang takes over TrickBot malware operation
After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware.
TrickBot is a Windows malware platform that uses multiple modules for various malicious activities, including information stealing, password stealing, infiltrating Windows domains, initial access to networks, and malware delivery.
The Ryuk ransomware gang initially partnered with TrickBot for initial access to networks, but was replaced by the Conti ransomware gang, which has been using the malware for the past year to gain access to corporate networks.
Based on internal Conti conversations that the researchers had access to and shared with BleepingComputer, AdvIntel says that BazarBackdoor moved from being part of TrickBot's toolkit to a standalone tool whose development is controlled by the Conti ransomware syndicate.
The main admin for the Conti group said that they took over TrickBot.
While TrickBot malware detections will become less common, AdvIntel's recent findings show that the operation is not finished and it just moved to a new control group that takes it to the next level with malware better suited for high-value targets.