Exactly five years ago, in October 2016, our solutions first encountered a Trojan named Trickbot (aka TrickLoader or Trickster). Found mostly on home computers back then, its primary task was to steal login credentials for online banking services. In recent years, however, its creators have actively transformed the banking Trojan into a multifunctional modular tool.

What’s more, Trickbot is now popular with cybercriminal groups as a delivery vehicle for injecting third-party malware into corporate infrastructure. News outlets recently reported that Trickbot’s authors have hooked up with various new partners to use the malware to infect corporate infrastructure with all kinds of additional threats, such as the Conti ransomware.

Such repurposing could pose an additional danger to employees of corporate security operation centers and other cybersec experts. Some security solutions still recognize Trickbot as a banking Trojan, as per its original specialty. Therefore, infosec officers who detect it might view it as a random home-user threat that accidentally slipped into the corporate network. In fact, its presence there could indicate something far more serious - a ransomware injection attempt or even part of a targeted cyberespionage operation.

Our experts were able to download modules of the Trojan from one of its C&C servers and analyze them thoroughly.

The modern Trickbot’s main objective is to penetrate and spread on local networks. Its operators can then use it for various tasks - from reselling access to the corporate infrastructure to third-party attackers, to stealing sensitive data.

- Harvest usernames, password hashes and other information useful for lateral movement in the network from Active Directory and the registry.
- Intercept web traffic on the infected computer.
- Provide remote device control via the VNC protocol.
- Extract login credentials from the registry, the databases of various applications and configuration files, as well as steal private keys, SSL certificates and data files for cryptocurrency wallets.