Notorious Trickbot malware may have some new tricks up its sleeve

Jake Guinan July 13, 2021

Cybersecurity researchers have detected a sizeable raise in the action of the infamous Trickbot malware, with a huge selection of new command and handle (C2) centers deployed all over the world, as very well as a new module for monitoring and intelligence accumulating.

Trickbot, which has been used to perpetrate all forms of economic cyber assaults such as the supply of ransomware, was at the getting stop of a huge marketing campaign by cyber sleuths past 12 months.

Even so, researchers from Bitdefender, who have been tracking Trickbot, have not too long ago picked up a resurgence in the action of the malware, with new infrastructure and new capabilities.

TechRadar requires you!

We’re seeking at how our audience use VPNs with streaming web pages like Netflix so we can enhance our content material and offer much better information. This study would not just take additional than sixty seconds of your time, and you can also pick out to enter the prize draw to acquire a $100 Amazon voucher or just one of five 1-12 months ExpressVPN subscriptions.

>> Simply click listed here to start off the study in a new window <<

“During our investigation we also stumbled on an supplemental software used by the Trickbot group to facilitate the entry of other risk actors to the victims’ personal computers,” be aware the researchers in their assessment.

Climbing from the ashes

After past year’s just take down endeavor, the Trickbot group seems to have been recuperating, and based mostly on Bitdefender’s observations, appears all set to get back into action.

Bitdefender initial picked up an current version of the vncDll module that Trickbot takes advantage of towards choose superior-profile targets, a few of months back in Could 2021. Now recognised as tvncDll, the actively formulated module will now be used by Trickbot for monitoring and intelligence accumulating applications.

“This module, vncDll/tvncDll, takes advantage of a personalized interaction protocol, which only will make it harder to fully grasp what information is getting transmitted without the need of prior expertise,” suggests Bitdefender as it unravels the groups’ new action.

The new module interacts with just one of the 9 C2 servers defined in its configuration file. In accordance to Bitdefender’s study, the C2 servers send supplemental malware payloads, and also facilitate the exfiltration of sensitive information from the victim’s device. 

The malware now also has a password dumping operation and “is in active advancement, with various weekly updates,” in accordance to Bitdefender.

More Stories

Software Piracy

Software Piracy

Jake Guinan July 13, 2024 0
How Can We Use Technology to Hyper Improve Education In Our Schools?

How Can We Use Technology to Hyper Improve Education In Our Schools?

Jake Guinan July 11, 2024 0
The Role of Technology in Education

The Role of Technology in Education

Jake Guinan June 30, 2024 0

You may have missed

Outsmarting the Competition: Gaining the Ultimate Edge with a Tailored Website

Outsmarting the Competition: Gaining the Ultimate Edge with a Tailored Website

Jake Guinan June 14, 2025
Building Stronger Micropayment Platforms Enhancing Information Disclosure for User Protection

Building Stronger Micropayment Platforms Enhancing Information Disclosure for User Protection

Jake Guinan June 8, 2025
AI Skills in High Demand in Silicon Valley

AI Skills in High Demand in Silicon Valley

Jake Guinan May 20, 2025
Can Tech Unions Fight Back Against AI Job Loss?

Can Tech Unions Fight Back Against AI Job Loss?

Jake Guinan May 14, 2025
AI Innovation for Sustainability: A Greener Future

AI Innovation for Sustainability: A Greener Future

Jake Guinan May 10, 2025