The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Trickbot

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

December 03, 2020Ravie Lakshmanan
TrickBot , one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed " TrickBoot " by Advanced Intelligence (AdvIntel) and Eclypsium, makes use of readily available tools to check devices for well-known vulnerabilities that can allow attackers to inject malicious code in the UEFI/BIOS firmware of a device, granting the attackers an effective mechanism of persistent malware storage. "This marks a significant step in the evolution of TrickBot as UEFI level implants are the deepest, most powerful, and stealthy form of bootkits," the researchers said. "By adding the ability to canvas victim devices for specific UEFI/BIOS firmware vulnerabilities, TrickBot actors are able to target specific victims with firmware-level persistence that survives re-imaging or even device br
TrickBot Linux Variants Active in the Wild Despite Recent Takedown

TrickBot Linux Variants Active in the Wild Despite Recent Takedown

October 28, 2020Ravie Lakshmanan
Efforts to disrupt TrickBot may have  shut down  most of its critical infrastructure, but the operators behind the notorious malware aren't sitting idle. According to new findings shared by cybersecurity firm  Netscout , TrickBot's authors have moved portions of their code to Linux in an attempt to widen the scope of victims that could be targeted. TrickBot, a financial Trojan first detected in 2016, has been traditionally a Windows-based crimeware solution, employing different modules to perform a wide range of malicious activities on target networks, including credential theft and perpetrate ransomware attacks. But over the past few weeks, twin efforts led by the US Cyber Command and Microsoft have helped to  eliminate 94%  of TrickBot's command-and-control (C2) servers that were in use and the new infrastructure the criminals operating TrickBot attempted to bring online to replace the previously disabled servers. Despite the steps taken to impede TrickBot, Microsof
Microsoft and Other Tech Companies Take Down TrickBot Botnet

Microsoft and Other Tech Companies Take Down TrickBot Botnet

October 13, 2020Ravie Lakshmanan
Days after the US Government took steps to disrupt the notorious TrickBot botnet , a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. The joint collaboration, which involved Microsoft's Digital Crimes Unit , Lumen's Black Lotus Labs , ESET , Financial Services Information Sharing and Analysis Center ( FS-ISAC ), NTT , and Broadcom's Symantec , was undertaken after their request to halt TrickBot's operations was granted by the US District Court for the Eastern District of Virginia. The development comes after the US Cyber Command mounted a campaign to thwart TrickBot's spread over concerns of ransomware attacks targeting voting systems ahead of the presidential elections next month. Attempts aimed at impeding the botnet were first reported by KrebsOnSecurity early this month. Microsoft and its partners analyzed over 186,000 TrickBot samples, using it to track down the m
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.