Security News

TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands
2022-02-16 22:34

Cyberattackers are targeting 60 different high-profile companies with the TrickBot malware, researchers have warned, with many of those in the U.S. The goal is to attack those companies' customers, who are being cherry-picked for victimization, according to Check Point Research. The TrickBot malware was originally a banking trojan, but it has evolved well beyond those humble beginnings to become a wide-ranging credential-stealer and initial-access threat, often responsible for fetching second-stage binaries such as ransomware.

TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade
2022-01-26 22:39

Trojan titan TrickBot has added a striking anti-debugging feature that detects security analysis and crashes researcher browsers before its malicious code can be analyzed. The new anti-debugging feature was discovered by Security Intelligence analysts with IBM, who reported the emergence of a variety of TrickBot tactics aimed at making the job of security researchers more difficult, including server-side injection delivery and secure communications with the command-and-control server to keep code protected.

TrickBot Malware Using New Techniques to Evade Web Injection Attacks
2022-01-25 21:20

The cybercrime operators behind the notorious TrickBot malware have once again upped the ante, fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. TrickBot has proven to be impervious to takedown attempts, what with the operators quickly adjusting their techniques to propagate multi-stage malware through phishing and malspam attacks, not to mention expand their distribution channels by partnering with other affiliates like Shathak to increase scale and drive profits.

TrickBot now crashes researchers' browsers to block malware analysis
2022-01-25 20:06

The notorious TrickBot malware has received new features that make it more challenging to research, analyze, and detect in the latest variants, including crashing browser tabs when it detects beautified scripts. TrickBot has dominated the malware threat landscape since 2016, constantly adding optimizations and improvements while facilitating the deployment of damaging malware and ransomware strains.

FBI links Diavol ransomware to the TrickBot cybercrime group
2022-01-20 18:37

The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan. A month later, IBM X-Force researchers established a stronger connection between Diavol ransomware and other TrickBot Gang malware, such as Anchor and TrickBot.

140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead
2021-12-10 01:03

The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were made to dismantle its infrastructure, even as the malware is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021. "Emotet is a strong indicator of future ransomware attacks, as the malware provides ransomware gangs a backdoor into compromised machines," said the researchers, who detected 223 different TrickBot campaigns over the course of the last six months.

TrickBot phishing checks screen resolution to evade researchers
2021-11-26 18:02

The TrickBot malware operators have been using a new method to check the screen resolution of a victim system to evade detection by security software and analysis by researchers. Last year, the TrickBot gang added a new feature to their malware that terminated the infection chain if a device was using non-standard screen resolutions of 800x600 and 1024x768.

Emotet stages a comeback via Trickbot and spam
2021-11-17 10:39

In January 2021, law enforcement and judicial authorities worldwide moved together to perform a global takedown of the Emotet botnet, and in April 2021 they performed a coordinated, widespread uninstall of the malware from infected machines via a module they propagated in January, effectively crippling the botnet. According to the researchers, whoever is trying to bring the Emotet botnet back online has started by using the Trickbot botnet to drop the malware, and then added the tried and tested method of sending spam with attachments and links to it.

Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware
2021-11-16 20:14

The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously infected by the former.

Lock up your Office macros: Emotet botnet back from the dead with Trickbot links
2021-11-16 19:57

The Emotet malware delivery botnet is back, almost a year after law enforcement agencies bragged about shutting it down and arresting the operators. The revival of Emotet is serious because in its final form the Windows malware network was increasingly being used to deliver ransomware, as well as the traditional online banking credential-stealing code it was previously best known for.