TrickBot Update Makes Malware Harder to Detect: Report

TrickBot Update Makes Malware Harder to Detect: Report

Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management

Updated Module Runs on System Memory, Leaving Little Trace Ishita Chigilli Palli (Ishita_CP) • June 1, 2020    

The developers behind TrickBot malware have updated it to run from an infected device's memory to help better avoid detection, according to researchers at Palo Alto Networks' Unit 42.

See Also: Live Webinar | Combating Cyber Fraud: Best Practices for Increasing Visibility and Automating Threat Response

Since the start of the COVID-19 pandemic, researchers at Microsoft have noted an increase in TrickBot infections, especially through phishing emails that used the pandemic as a lure to get victims to click on malicious attachments (see: COVID-19 Phishing Emails Mainly Contain TrickBot: Microsoft).

When researchers first spotted TrickBot in 2016, the malware functioned as a banking Trojan. But it has since morphed into an information stealer and backdoor. In addition, TrickBot is now combined with other malware, such as Emotet, to help deliver ransomware, including Ryuk (see: Emotet, Ryuk, TrickBot: 'Loader-Ransomware-Banker Trifecta').

New Module

The Unit 42 researchers found that the latest update to TrickBot changes one of the modules that the malware uses to propagate from an infected Microsoft Windows device to a doma ..