Microsoft did door-to-door router replacements to stop Trickbot malware


Microsoft says it’s gone door-to-door replacing routers compromised with the Trickbot malware in Brazil and Latin America, hoping to squash an international hacking group. The Daily Beast reported the detail in an article about the group, which is an ongoing target for US Cyber Command as well as information security companies like Microsoft.

The Daily Beast reports that the hacking ring — also known as Trickbot and based in Russia, Belarus, Ukraine, and Suriname — is a persistent presence online. The group uses compromised computers as a massive botnet and runs ransomware attacks and other illegal operations. Trickbot is known to hijack routers and internet of things devices that are often easy to infect without owners realizing it. Eradicating malware from routers can be particularly difficult for users, making in-person replacement a surprisingly effective tactic.

Law enforcement agencies and companies have made some recent inroads into tackling Trickbot. Last month, the Justice Department charged a woman who allegedly helped develop it, and Microsoft boasted in 2020 that it had cut off 94 percent of the group’s server infrastructure, aiming to prevent any attacks on the US election. But Amy Hogan-Burney, general manager of Microsoft’s Digital Crimes Unit, told The Daily Beast that Trickbot remained a “continuing challenge.” That’s where the router replacement comes in — apparently as a partnership with local internet service providers.

Trickbot has allegedly been behind attacks on hospitals, schools, and governments, stealing login credentials and locking computer systems to demand payment. Microsoft’s door-to-door replacement operation is just one piece of the effort to stop it, but it’s an interesting ground-level tactic in the malware fight.
