Researchers Find 2 Fresh Versions Following Takedown Efforts
The gang operating Trickbot is continuing its activities despite recent takedown efforts, rolling out two updates that make the malware more difficult to kill, according to the security firm Bitdefender.
The latest Trickbot versions – 2000016 and 100003 – were rolled out on Nov. 3 and Nov. 18, respectively, with changes that include a new command-and-control infrastructure based on MikroTik routers and the use of packed modules only. The malware was last updated in August, the researchers say.
Version 2000016 was active only about three weeks after Microsoft collaborated with other cybersecurity companies and government agencies to take down the million-device Trickbot botnet, Bitdefender says.
“Completely dismantling Trickbot has proven more than difficult, and similar operations in the past against popular Trojans have proven that the cybercriminal community will always push to bring back into operation something that’s profitable, versatile and popular,” the report states.
“Trickbot might have suffered a serious blow, but its operators seem to be scrambling to bring it back, potentially more resilient and difficult to extirpate than ever before.”
So far, the new versions have been used in attacks in the U.S., Malaysia, Romania,…