TrickBot Gang Likely Shifting Operations to Switch to New Malware

TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that’s used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year.

The lull in the malware campaigns is “partially due to a big shift from Trickbot’s operators, including working with the operators of Emotet,” researchers from Intel 471 said in a report shared with The Hacker News.

The last set of attacks involving TrickBot were registered on December 28, 2021, even as command-and-control (C2) infrastructure associated with the malware has continued to serve additional plugins and web injects to infected nodes in the botnet.

Interestingly, the decrease in the volume of the campaigns has also been accompanied by the TrickBot gang working closely with the operators of Emotet, which witnessed a resurgence late last year after a 10-month-long break following law enforcement efforts to tackle the malware.

The attacks, which were first observed in November 2021, featured an infection sequence that used TrickBot as a conduit to download and execute Emotet binaries, when prior to the takedown, Emotet was often used to drop TrickBot samples. Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *