13 Oct 2020

Security Firms & Financial Group Team Up to Take Down Trickbot

Several security firms, including ESET, Black Lotus Labs, and Symantec, have teamed up with Microsoft and the financial services industry to combat the use of Trickbot by eliminating the ransomware’s C2 infrastructure. The notorious Trickbot ransomware has infected more than a million computing devices to date, according to a statement

17 Sep 2020

Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals

Yesterday, newly published analysis from the security firm Intel 471 uncovered links between North Korea’s Lazarus Group and Russian-speaking cybercriminals. The report pinpoints links between the two organizations by examining years of security incidents. The conclusion, however, depends on two popular and generally accepted assumptions: that the Trickbot, TA505, and

02 Jul 2020

TrickBot malware now checks screen resolution to evade analysis

The notorious TrickBot trojan has evolved again, this time acquiring the ability to check the screen resolutions of victims to detect whether the malware is running on a virtual machine or on the actual device. Researchers typically analyze malware while running a virtual machine that is outfitted with different analysis

11 Jun 2020

Fake Black Lives Matter voting campaign spreads Trickbot malware

A new phishing email campaign that prompts users to vote anonymously about the Black Lives Matter movement is secretly spreading the information-stealing malware TrickBot. TrickBot was initially created as a banking Trojan but has since evolved to perform other malicious tasks such as spreading laterally through a network, stealing saved

04 May 2020

TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy

IBM X-Force recently disclosed that malicious actors are spreading the TrickBot trojan through fake, COVID-19-themed messages. The new campaign capitalizes on public concern and interest in the Department of Labor’s Family and Medical Leave Act (FMLA). IBM X-Force stated that they uncovered the campaign after the analysis

13 Mar 2020

New TrickBot Variant Updates Anti-Analysis Tricks

TrickBot has recently updated its anti-analysis techniques to include minor changes to the integration of its components and its method for downloading its payload. The malware continues to adapt, swapping out tactics frequently. Since its creation, the malware has extended its functions to include collecting credentials from

03 Mar 2020

TrickBot Adds ActiveX Control, Hides Dropper in Images

The TrickBot banking trojan has recently increased its capabilities, adding Windows 10 ActiveX control. This new feature gives the banking trojan the ability to execute malicious macros that are hidden in documents. A researcher at Morphisec Labs stated that in the past few weeks, two dozen documents have emerged that

15 Jan 2020

U.N. Weathers Storm of Emotet-TrickBot Malware

Emotet malware operators have recently targeted United Nations personnel in an attack that aimed to deliver the TrickBot trojan malware. Researchers at Cofense stated that a phishing campaign fraudulently representing the Permanent Mission of Norway has taken place over the last several days. The emails were sent to 600

09 Jan 2020

TrickBot Adds Custom, Stealthy Backdoor to its Arsenal

TrickBot is evolving to avoid detection by adding a new backdoor to its arsenal. Russian cybercriminals behind the malware have developed “PowerTrick” to infiltrate high-value targets and give TrickBot new capabilities. SentinelLabs stated that PowerTrick was released on Thursday and is designed to execute commands and return results in Base64

13 Dec 2019

Targeted Attacks Deliver New “Anchor” Malware to High-Profile Companies

A campaign that started in October is being used to deliver financial malware against entities in the manufacturing and retail sectors. Researchers at the Cybereason Nocturnus group have been following the new campaign closely, determining that it commences with a phishing attack to deliver TrickBot and ultimately delivers a relatively
