TrickBot Gang Likely Shifting Operations to Switch to New Malware
2022-02-24 19:51

The last set of attacks involving TrickBot was registered on December 28, 2021, even as command-and-control infrastructure associated with the malware has continued to serve additional plugins and web injects to infected nodes in the botnet.

Interestingly, the decrease in the volume of the campaigns has also been accompanied by the TrickBot gang working closely with the operators of Emotet, which witnessed a resurgence late last year after a 10-month-long break following law enforcement efforts to tackle the malware.

The attacks, which were first observed in November 2021, featured an infection sequence that used TrickBot as a conduit to download and execute Emotet binaries, whereas prior to the takedown, Emotet was often used to drop TrickBot samples.

"It's likely that the TrickBot operators have phased TrickBot malware out of their operations in favor of other platforms, such as Emotet," the researchers said.

According to a separate report published by Advanced Intelligence last week, the Conti ransomware cartel is believed to have acqui-hired several elite developers of TrickBot to retire the malware in favor of enhanced tools such as BazarBackdoor.

"Perhaps a combination of unwanted attention to TrickBot and the availability of newer, improved malware platforms has convinced the operators of TrickBot to abandon it," the researchers noted.


News URL

https://thehackernews.com/2022/02/trickbot-gang-likely-shifting.html