Security News > 2022 > February > TrickBot malware operation shuts down, devs move to BazarBackdoor
The TrickBot malware operation has shut down after its core developers move to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families.
TrickBot also has a long relationship with ransomware operations who partnered with the TrickBot group to receive initial access to networks infected by the malware.
Conti did not recruit these "Elite developers and managers" to work on the TrickBot malware, but rather to work on the more stealthy BazarBackdoor and Anchor malware families as seen by internal conversations shared with BleepingComputer by cybersecurity firm AdvIntel.
AdvIntel explained last week that the shift in development is because the TrickBot malware is too easily detected by security software and that the operation would be shut down shortly.
Yesterday, AdvIntel CEO Vitali Kremez told BleepingComputer that the TrickBot Group shut down all of the infrastructure for the TrickBot malware operation.
In a conversation with Kremez, BleepingComputer was told that the Conti ransomware now controls the TrickBot Group's malware development for their own needs.