After Hacking 250M Accounts, TrickBot Trojan Can Now ‘Disable’ Windows Defender


If you are someone who relies on “Windows Defender” on Windows 10 to protect your device from malware threats, you should know about the new version of TrickBot malware that attempts to disable the antivirus software altogether.


The TrickBot Trojan isn’t exactly new; it resurfaces from time to time. The last we heard about TrickBot was a couple of weeks ago, when it managed to infect nearly 250 million Gmail accounts with new cookie-stealing abilities.






For the uninitiated, TrickBot is a trojan that tries to steal bank account information, crypto wallets, browser data, and other credentials saved on your PC and browser.


TrickBot Disabling Windows Defender


Every time TrickBot surfaces, it has newly added capabilities. This time, it can disable Windows Defender, and it uses about 17 steps to do so.


According to Bleeping Computer, TrickBot tries to delete the WinDefend service and terminates associated processes. It also adds a DisableAntiSpyware Windows policy to disable Windows Defender.


It goes the extra malware mile by disabling Windows Defender real-time protection and Windows security notifications. Bleeping Computer’s report states:


“These methods utilize either Registry settings or the Set-MpPreference PowerShell command to set Windows Defender preferences.”


Can we stop TrickBot?


Blocking access to the Windows Registry and removing a user’s admin rights by default can prevent TrickBot from disabling Windows Defender.
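To check whether a machine already shows the changes described above, the following read-only PowerShell audit is an added example, not code from Bleeping Computer or the original article. The registry paths and preference names are the standard Windows Defender ones and are assumptions here, since the article names only the WinDefend service, the DisableAntiSpyware policy and Set-MpPreference.

```powershell
# Added audit example: read-only check for the Defender changes the article describes.
# Registry paths and preference names below are assumptions (standard Defender names).
$findings = New-Object System.Collections.Generic.List[string]

# 1. WinDefend service: the report says TrickBot tries to delete it.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if (-not $svc) {
    $findings.Add('WinDefend service is missing')
} elseif ($svc.Status -ne 'Running') {
    $findings.Add("WinDefend service status is $($svc.Status)")
}

# 2. Policy values that switch Defender or real-time protection off.
$policyChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'; Name = 'DisableAntiSpyware' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'; Name = 'DisableRealtimeMonitoring' }
)
foreach ($c in $policyChecks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($item -and $item.($c.Name) -eq 1) {
        $findings.Add("Policy $($c.Name) = 1 at $($c.Path)")
    }
}

# 3. Preferences that Set-MpPreference can change, plus the resulting engine status.
try {
    $pref = Get-MpPreference -ErrorAction Stop
    foreach ($name in 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring', 'DisableIOAVProtection') {
        if ($pref.$name) { $findings.Add("Preference $name is True") }
    }
    $status = Get-MpComputerStatus -ErrorAction Stop
    if (-not $status.AntivirusEnabled) { $findings.Add('AntivirusEnabled is False') }
    if (-not $status.RealTimeProtectionEnabled) { $findings.Add('RealTimeProtectionEnabled is False') }
} catch {
    # The Defender cmdlets fail when the service is gone, which is itself a finding.
    $findings.Add("Defender cmdlets failed: $($_.Exception.Message)")
}

if ($findings.Count -eq 0) {
    Write-Output 'No Defender tampering indicators found.'
} else {
    $findings | ForEach-Object { Write-Output "[!] $_" }
    exit 1
}
```

On a machine where a third-party antivirus product is installed, Defender is legitimately switched off, so some of these findings are expected there.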

