The developers behind TrickBot malware have updated it to run from an infected device's memory to better avoid detection, according to researchers at Palo Alto Networks' Unit 42.
Since the start of the COVID-19 pandemic, researchers at Microsoft have noted an increase in TrickBot infections, especially through phishing emails that used the pandemic as a lure to get victims to click on malicious attachments (see: COVID-19 Phishing Emails Mainly Contain TrickBot: Microsoft).
When researchers first spotted TrickBot in 2016, the malware functioned as a banking Trojan. But it has since morphed into an information stealer and backdoor. In addition, TrickBot is now combined with other malware, such as Emotet, to help deliver ransomware, including Ryuk (see: Emotet, Ryuk, TrickBot: 'Loader-Ransomware-Banker Trifecta').
The Unit 42 researchers found that the latest update to TrickBot changes one of the modules that the malware uses to propagate from an infected Microsoft Windows device to a doma ..