First developed in 2016 as a piece of banking malware, and now seen across multiple industries, the well-known TrickBot Trojan has evolved yet again. Experts state that TrickBot is “…among the most advanced malware delivery vehicles” in existence today.
Advanced capabilities now enable it to bypass Windows 10 User Account Control (UAC) to spread malware across network locales.
The UAC feature previously prevented changes to operating systems by unauthorized persons. The ability to bypass the feature nullifies its utility.
On top of this news, last month researchers uncovered a PowerTrick backdoor within TrickBot malware. This backdoor enables the malware to gain a foothold within the most aggressively secure, air gapped, and high value networks.
In the past year, evidence has emerged indicating that the criminal group behind TrickBot may have developed an unprecedented alliance with the North Korean APT Lazarus group.
In other interesting news, the TrickBot malware has been found parsing text from articles about US President Donald Trump’s impeachment in order to circumnavigate the scanning engines for security software. For example, words from a story published by Independent.co.uk appear as part of the file information for executable.
Here’s a second example. The text was lifted from a CNN article, and is being employed within custom exif data tags.
*Images courtesy of Bleeping Computer.