TrickBot

Pierluigi Paganini October 16, 2021
Trickbot spreads malware through new distribution channels

TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. The gang support other cybercrime groups such as known Hive0105, Hive0106 (aka TA551 or Shathak), and […]

Pierluigi Paganini September 06, 2021
TrickBot gang developer arrested at the Seoul international airport

A Russian man accused of being a member of the infamous TrickBot gang was arrested while trying to leave South Korea A Russian man accused of being a member of the TrickBot gang was arrested last week at the Seoul international airport. The man has remained stuck in the Asian country since February 2020 due […]

Pierluigi Paganini July 14, 2021
Trickbot improve its VNC module in recent attacks

Trickbot botnet is back, its authors implemented updates for the VNC module used for remote control of infected systems. The Trickbot botnet continues to evolve despite the operations conducted by law enforcement aimed at dismantling it. The authors recently implemented an update for the VNC module used for remote control over infected systems. In October, Microsoft’s […]

Pierluigi Paganini June 05, 2021
US arrested Latvian woman who developed part of Trickbot malware

The US Department of Justice (DOJ) announced the arrest of a Latvian woman for her alleged role in the development of the Trickbot malware. The US Department of Justice (DOJ) announced the arrest of Alla Witte (aka Max), a Latvian woman that was charged for her alleged role in the development of the Trickbot malware. […]

Pierluigi Paganini April 18, 2021
Is BazarLoader malware linked to Trickbot operators?

Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers observed malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. The campaigns aimed at employees of large organizations, the messages attempt to trick the victims that they contain important information […]

Pierluigi Paganini March 19, 2021
CISA and FBI warn of ongoing TrickBot attacks

CISA and FBI are warning of ongoing TrickBot attacks despite security firms took down the C2 infrastructure of the infamous botnet in October. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) warn of ongoing Trickbot attacks despite in October multiple security firms dismantled its C2 infrastructure in a joint operation. On […]

Pierluigi Paganini February 01, 2021
Experts discovered a new Trickbot module used for lateral movement

Experts spotted a new Trickbot module that is used to scan local networks and make lateral movement inside the target organization. Cybersecurity researchers discovered a new module of the Trickbot malware, dubbed ‘masrv’, that is used to scan a local network and make lateral movement inside the target organization. The masrv module leverage the Masscan open-source utility […]

Pierluigi Paganini December 26, 2020
The Emotet botnet is back and hits 100K recipients per day

Emotet is back on Christmas Eve, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. Emotet is back on Christmas Eve, after two months of silence, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. The recent Emotet campaign uses updated payloads and is targeting over 100,000 […]

Pierluigi Paganini December 03, 2020
TrickBoot feature allows TrickBot bot to run UEFI attacks

TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature. The infamous TrickBot gets a new improvement, authors added a new feature dubbed “TrickBoot” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. The TrickBoot functionality was documented […]

Pierluigi Paganini October 28, 2020
TrickBot operators employ Linux variants in attacks after recent takedown

A few days after the TrickBot takedown, Netscout researchers spotted a new TrickBot Linux variant that was used by its operators. A few days ago, Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec joined the forces and announced a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet. Microsoft has taken […]