Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors
Jun 05, 2023
Malware / Cyber Threat
A surge in TrueBot activity was observed in May 2023, cybersecurity researchers disclosed.

"TrueBot is a downloader trojan botnet that uses command and control servers to collect information on compromised systems and uses that compromised system as a launching point for further attacks," VMware's Fae Carlisle said.

Active since at least 2017, TrueBot is linked to a group known as Silence that's believed to share overlaps with the notorious Russian cybercrime actor known as Evil Corp.

Recent TrueBot infections have leveraged a critical flaw in Netwrix Auditor (CVE-2022-31199, CVSS score: 9.8) as well as Raspberry Robin as delivery vectors.

The attack chain documented by VMware, on the other hand, starts off with a drive-by-download of an executable named "update.exe" from Google Chrome, suggesting that users are lured into downloading the malware under the pretext of a software update.

Once run, update.exe establishes connections with a k