[MART] - Daily Diary #303 - TrickBot is Still Active, And Implementing New Modules

CTAS-MAT ctas-mat at appgate.com
Tue Jul 13 21:16:04 UTC 2021

I hope everyone is doing well!

Below is the entry for today.

07/13/2021 - Diary entry #303:

First covered in our Daily Diary #71, TrickBot is one of the largest botnets currently active. TrickBot is very modular, with several capabilities implemented through additional modules that the core malware downloads as needed. This week a new TrickBot campaign was discovered implementing a new module for remote VNC connections. VNC allows an attacker to stream a computer's screen and allows a user to control the device remotely. In malware, this adds RAT capabilities: stealthily watching the user's actions and stealing data. It can also be used to perform actions while impersonating the user, as banker RATs do when navigating Internet banking from their target's browser.

In our Daily Diary #114 we covered Dridex, another major botnet, which also implements a VNC module to watch its targets' screens. TrickBot's exact intentions in implementing this module are not yet clear. This incident proves that the cyber-crime gang behind it is still very much active, improving its malware into a much more dangerous threat.

Kind Regards,



Felipe Duarte Domingues
Security Researcher

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
