Trickbot Still Infecting Despite Government And Microsoft’s Best Efforts


TrickBot is a financial Trojan first detected in 2016. It has traditionally been a Windows-based crimeware solution that employs different modules to perform a wide range of malicious activities on target networks, including credential theft and enabling ransomware attacks.
Every day Big Tech and Mass Media make it harder to find out what is going on with the internet. The suppression of information is a danger to all of us. Social media attempts to shape news and information by over-amplifying disinformation. This podcast hopes to give information and provide insights from

Join our community!!
Subscribe to the Insecurity Brief podcast now on every platform we can find

Follow me on Twitter

@trip_elix

Links

Our Website:

https://www.tripelix.com/insecurity/trickbot-still-infecting-despite-government-and-microsofts-best-efforts/

Youtube:

https://youtu.be/A-qoZDCD9f8

Rumble:

rumblelink

iTunes:

https://podcasts.apple.com/us/podcast/trickbot-still-infecting-despite-government-and/id1583788677?i=1000541579154

Spotify:

https://open.spotify.com/episode/4dP65htJ5b8PRdShkxeKg4

Trip’s books
https://www.tripelix.com/merch

#trickbot #malware #windows #microsoft #ransomware

2021-03-29 BazaCall (BazarCall) Example
“BazaCall” (or “BazarCall”) is a support scam that entices victims to download and run a malicious Excel spreadsheet, which infects a vulnerable Windows computer with BazaLoader (also called BazarLoader) malware. The infection process involves a fake support center and a support person who guides the victim through the steps. This video shows an example of how someone might get infected.

Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds
IBM X-Force has been tracking the activity of ITG23, a prominent cybercrime gang also known as the TrickBot Gang and Wizard Spider. Researchers are seeing an aggressive expansion of the gang’s malware distribution channels, infecting enterprise users with Trickbot and BazarLoader. This move is leading to more ransomware attacks — particularly ones using the Conti ransomware.

https://securityintelligence.com/posts/trickbot-gang-doubles-down-enterprise-infection/

TrickBot Linux Variants Active in the Wild Despite Recent Takedown
Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware aren’t sitting idle. According to new findings shared by cybersecurity firm Netscout, TrickBot’s authors have moved portions of their code to Linux in an attempt to widen the scope of victims that could be targeted.

https://thehackernews.com/2020/10/trickbot-linux-variants-active-in-wild.html

Microsoft and Other Tech Companies Take Down TrickBot Botnet
Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware’s back-end infrastructure.

https://thehackernews.com/2020/10/trickbot-computer-virus.html

Attackers Behind Trickbot Expanding Malware Distribution Channels
The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti.

https://thehackernews.com/2021/10/attackers-behind-trickbot-expanding.html

THREAT ANALYSIS REPORT: From Shathak Emails to the Conti Ransomware
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

https://www.cybereason.com/blog/threat-analysis-report-from-shatak-emails-to-the-conti-ransomware

TrickBot Operators Partner with Shathak Attackers for Conti Ransomware
The operators of TrickBot trojan are collaborating with the Shathak threat group to distribute their wares, ultimately leading to the deployment of Conti ransomware on infected machines.

https://thehackernews.com/2021/11/trickbot-operators-partner-with-shatak.html

Trickbot module descriptions
Trickbot (aka TrickLoader or Trickster), is a successor of the Dyre banking Trojan that was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. Trickbot was first discovered in October 2016. Just like Dyre, its main functionality was initially the theft of online banking data. However, over time, its tactics and goals have changed. Currently Trickbot is focused on penetration and distribution over the local network, providing other malware (such as Ryuk ransomware) with access to the infected system, though that’s not the only functionality it supports.

https://securelist.com/trickbot-module-descriptions/104603/

New action to combat ransomware ahead of U.S. elections
Today we took action to disrupt a botnet called Trickbot, one of the world’s most infamous botnets and prolific distributors of ransomware. As the United States government and independent experts have warned, ransomware is one of the largest threats to the upcoming elections. Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust.

https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
