Security News > 2022 > February > TrickBot Takes a Break, Leaving Researchers Scratching Their Heads

The group behind the TrickBot malware is back after an unusually long lull between campaigns, according to researchers - but it's now operating with diminished activity.

A report from Intel 471 published on Thursday flagged a "Strange" period of relative inactivity, where "From December 28, 2021 until February 17, 2022, Intel 471 researchers have not seen new TrickBot campaigns."

An incident last November indicated that the TrickBot botnet was used to distribute Emotet - indicating that the collaboration with the group behind the Emotet malware is ongoing.

Researchers speculated that, this time around, "It's likely that the TrickBot operators have phased TrickBot malware out of their operations in favor of other platforms, such as Emotet."

The researchers have now concluded with high confidence that "This break is partially due to a big shift from TrickBot's operators, including working with the operators of Emotet."

"Perhaps," Intel 471 researchers wrote, "a combination of unwanted attention to TrickBot and the availability of newer, improved malware platforms has convinced the operators of TrickBot to abandon it."

News URL

https://threatpost.com/trickbot-break-researchers-scratching-heads/178678/