Security News > 2023 > February > TrickGate crypter discovered after 6 years of infections

In new research, Check Point has exposed a crypter dubbed TrickGate developed by cybercriminals and sold as a service.
The crypter has been in development since 2016, when it was used to spread the Cerber malware, and it has been used in several major malware campaigns, including Trickbot and Emotet.
Check Point monitored 40 to 650 attacks per week over the last two years and found that the most popular malware family crypted by TrickGate was FormBook, an information stealer.
The threats crypted by TrickGate are delivered in different formats depending on the threat actor deploying it.
Reverse engineers working on improving malware detection often focus on the malware itself, because it can be packed or crypted with any crypter tool and it is important to detect the final payload, which is the most malicious component of the attack.
Crypters render automated static analysis useless, as analysis tools will only see the crypter code and not the final payload. It is strongly advised to adopt security solutions capable of dynamic and behavioral analysis, such as sandboxes, as those solutions can monitor the whole code flow, from unpacking to the delivery of the final payload and its execution.
News URL
https://www.techrepublic.com/article/trickgate-crypter-discovered/