Security News

The U.S. Department of Justice announced on Friday the arraignment of a Latvian for her alleged role in creating and operating the infamous TrickBot malware. TrickBot is a well-known and sophisticated trojan first developed in 2016 to steal online banking credentials - but it has a history of transforming itself and adding new features.

The fradulent transactions attempted against those 11 companies alone add up to $6.2 million, but the DOJ says that the Trickbot malware has infected millions of computers worldwide in the broadest possible way, hitting individuals, businesses and organisations including hospitals, schools, public utilities and governments. Trickbot is probably best known for being what's called a banking Trojan, malware that deliberately snoops on your computer while you're performing financial transactions in order to steal your personal information and prey on your account.

The U.S. Department of Justice on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware. Since its origin as a banking Trojan in late 2015, TrickBot has evolved into a "Crimeware-as-a-service" capable of pilfering valuable personal and financial information and even dropping ransomware and post-exploitation toolkits on compromised devices, in addition to recruiting them into a family of bots.

The US Department of Justice announced today that a Latvian national was charged for her alleged role as a malware developer in the Trickbot transnational cybercrime organization. As a Trickbot malware developer, Witte wrote the code used by the malware to control, deploy, and manage payments of ransomware, the DOJ said in a press release published today.

Attacks employing the TrickBot malware continue, leveraging phishing emails as the initial infection vector, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation warn. In a joint advisory published on Wednesday, the two agencies revealed that a sophisticated group of cybercrime actors is leveraging a traffic infringement phishing scheme to lure victims into downloading the TrickBot malware.

A massive malicious spam campaign, along with the global takedown of Emotet, has vaulted the TrickBot trojan to the top of the Check Point's list of the most popular malware among cybercriminals for February. In January, TrickBot was ranked third on Check Point's list, and it was fourth overall for 2020, while the No. 1 malware, Emotet, remained ascendant.

Server and storage technology giant Supermicro and secure access solutions provider Pulse Secure have issued advisories to inform users that some of their products are vulnerable to the Trickbot malware's ability to target firmware. In early December, security researchers at Advanced Intelligence and enterprise device security firm Eclypsium revealed that Trickbot not only survived a takedown attempt, but also gained the ability to scan UEFI/BIOS firmware for vulnerabilities that would allow making modifications.

TrickBot's stealthy BazarBackdoor malware has been rewritten in the Nim programming language, likely to evade detection by security software. Last week, both cybersecurity firm Intezer and Advanced Intel's Vitali Kremez analyzed a new sample of BazarBackdoor and discovered that the TrickBot gang ported it to the Nim programming language.

The TrickBot trojan is continuing its bounce-back from an autumn takedown, recently adding a network-scanning module that uses the Masscan open-source tool to look for open ports. The TrickBot module that uses it, dubbed "Masrv," is likely used for network reconnaissance, according to researchers at Kryptos Logic.

The Trickbot malware has been upgraded with a network reconnaissance module designed to survey local networks after infecting a victim's computer. Trickbot uses the network scanner module to map the victims' networks and send home information on any devices with open ports.