Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure
The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years.
Attributed to a Russia-based criminal enterprise called Wizard Spider, TrickBot started out as a financial trojan in late 2016 and is a derivative of another banking malware called Dyre that was dismantled in November 2015.
The development comes as twin reports from cybersecurity firms AdvIntel and Intel 471 hinted at the possibility that TrickBot's five-year saga may be coming to an end in the wake of increased visibility into its malware operations, prompting the operators to shift to newer, improved malware such as BazarBackdoor.
BazarBackdoor, which first appeared in 2021, originated as part of TrickBot's modular toolkit but has since emerged as a fully autonomous malware used mainly by the Conti cybercrime gang to deploy ransomware on enterprise networks.
TrickBot's demise has also come as the operators of Conti ransomware recruited top talent from the former to focus on stealthier replacement malware like BazarBackdoor.
Conti has also been credited with resurrecting the Emotet botnet and integrating it into its multi-pronged attack framework starting in November 2021, with TrickBot, ironically, used as the delivery vehicle to distribute the malware after a gap of 10 months.
News URL: https://thehackernews.com/2022/02/notorious-trickbot-malware-gang-shuts.html