Updated Truebot Malware Targeting Orgs in US, Canada



New Variant of Trojan Called Silence.Downloader Seen in May

North American cybersecurity agencies are warning about a new variant of the Truebot Trojan that collects and exfiltrates information from victims.

In an advisory published Thursday, the U.S. Cybersecurity and Infrastructure Security Agency, the FBI, the Multi-State Information Sharing and Analysis Center and the Canadian Centre for Cyber Security warned that cybercriminals were using the newly identified variant, tracked as Silence.Downloader, as recently as May 31.

Silence.Downloader exploits CVE-2022-31199, a known critical-severity remote code execution vulnerability in Netwrix Auditor. Threat actors have leveraged this flaw to gain initial access and move laterally within the compromised network, CISA said. Threat actors use phishing campaigns with malicious redirect hyperlinks, along with CVE-2022-31199, to deliver the new variant, CISA said.

“Previous Truebot malware variants were primarily delivered by cyber threat actors via malicious phishing email attachments, but these newer versions allow cyber threat actors to also gain initial access through exploiting CVE-2022-31199, enabling deployment of the malware at scale within the compromised environment,” CISA said in the advisory.

The Netwrix audit tool is used for on-premises and cloud-based IT system auditing by over 13,000 organizations worldwide. It tracks happenings across the IT environment to streamline IT…
