Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors

A surge in TrueBot activity was observed in May 2023, cybersecurity researchers disclosed.
"TrueBot is a downloader trojan botnet that uses command and control servers to collect information on compromised systems and uses that compromised system as a launching point for further attacks," VMware's Fae Carlisle said.
Active since at least 2017, TrueBot is linked to a group known as Silence that's believed to share overlaps with the notorious Russian cybercrime actor known as Evil Corp. Recent TrueBot infections have leveraged a critical flaw in Netwrix Auditor as well as Raspberry Robin as delivery vectors.
Exe establishes connections with a known TrueBot IP address located in Russia to retrieve a second-stage executable that's subsequently launched using Windows Command Prompt.
"TrueBot can be a particularly nasty infection for any network," Carlisle said.
The findings come as SonicWall detailed a new variant of another downloader malware known as GuLoader that's used to deliver a wide range of malware such as Agent Tesla, Azorult, and Remcos.
News URL
https://thehackernews.com/2023/06/alarming-surge-in-truebot-activity.html