21 Oct 2022

This old malware has been rebuilt with new features to use in ransomware attacks

Security company Mandiant has discovered that a new variant of the Ursnif malware, also known as Gozi, has been repurposed into a backdoor trojan that has been described as very dangerous. The backdoor trojan will likely be used in ransomware attacks, the security firm says. Ursnif is one of the oldest

18 Oct 2021

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates

The TrickBot ransomware group, which also created BazarLoader and the Conti ransomware, has just upped its distribution tactics to become more of a threat. The cybercriminals behind the TrickBot Trojan have signed two additional distribution affiliates, named Hive0106 and Hive0107 by IBM X-Force. The result of this move is

07 Jun 2021

Latvian Woman Charged with Developing Malware for Trickbot

Alla Witte, a 55-year-old Latvian woman, has been charged with multiple counts for her alleged role in developing malware for the notorious Trickbot group. Witte has been charged with 19 counts of a 47-count indictment. Witte was arrested in February in Miami. Trickbot initially started several years ago as a

19 Mar 2021

Five Months After Takedown Attempt, CISA and FBI Warn of Ongoing TrickBot Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) and FBI have warned of an uptick in attacks deploying the TrickBot malware, largely utilizing phishing campaigns as the initial infection vector. The two entities released a joint advisory to the public on Wednesday, alerting individuals of the sophisticated attacks. According to the

12 Mar 2021

TrickBot Takes Over, After Cops Kneecap Emotet

TrickBot is now the top threat according to Check Point’s new risk assessment index, replacing Emotet after a law enforcement takedown on the Emotet ransomware operators. TrickBot also recently launched and conducted a massive spam campaign that targeted several different organizations. Check Point published a recent list titled most popular

03 Dec 2020

The Internet’s Most Notorious Botnet Has an Alarming New Trick

Over the past few months, the cybersecurity industry’s most notorious tool, TrickBot, has also become its most potent enemy. Despite takedown attempts by Microsoft and the US Cyber Command, the tool has been developed even further, with its operators implementing a new technique that infects machines beyond operating systems and

13 Oct 2020

Security Firms & Financial Group Team Up to Take Down Trickbot

Several security firms, including ESET, Black Lotus Labs, and Symantec have teamed up with Microsoft and the financial services industry to combat the use of Trickbot through eliminating the ransomware’s C2 infrastructure. The notorious Trickbot ransomware has infected more than a million computing devices to date, according to a statement

17 Sep 2020

Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals

Yesterday, newly published analysis from the security firm Intel 471 uncovered links between North Korea’s Lazarus Group and Russian-speaking cybercriminals. The report pinpoints links between the two organizations through examining years of security incidents. The conclusion, however, depends on two popular and generally accepted assumptions: that the Trickbot, TA505, and

02 Jul 2020

TrickBot malware now checks screen resolution to evade analysis

The notorious TrickBot trojan has evolved again, this time acquiring the ability to check the screen resolutions of victims to detect whether the malware is running on a virtual machine or on the actual device. Researchers typically analyze malware while running a virtual machine that is outfitted with different analysis

11 Jun 2020

Fake Black Lives Matter voting campaign spreads Trickbot malware

A new phishing email campaign that prompts users to vote anonymously about the Black Lives Matter movement is secretly spreading the information-stealing malware TrickBot. TrickBot was initially created as a banking Trojan but has since evolved to perform other malicious tasks such as spreading laterally through a network, stealing saved
