• Proteams Information Tech

Trickbot Has Risen Again

Trickbot is a trojan, it has been around for a while and was mainly used to steal user credentials such as banking details


Malware, ransomware, cyber criminals. As we’ve spoken about a few times- it is rife, and the groups behind these attacks are getting more confident and coming up with more complex ways to carry out their crimes. The treacherous TrickBot malware has reared its ugly head once more, with the Russian-based cybercrime group working tirelessly to restructure their attacks as law enforcement has been cracking down in trying to stop them from causing more damage. As law enforcement ups the security measures and attempts to take down and intercept the malware, the criminal group dubbed as “Wizard Spider” are constantly improving and expanding their infection chains by adding modules with new functions to boost the effectiveness of their attacks.


Trickbot is a trojan, it has been around for a while and was mainly used to steal user credentials such as banking details. The operation uses compromised computers as a botnet and runs things such as ransomware and other cyberhacking techniques. Botnets comprising of hundreds of hacked devices are used to launch denial-of-service attacks with the intent of taking websites offline by creating fake site traffic. Once they have control of the devices, they can then spread malware, spam or ransomware on the computers that are infected. Trickbot is known for hijacking routers and other internet of things devices that can be infected with ease and without the owners of these devices cottoning on to it. The Trojan has been responsible for hacking into around 250 million accounts by disabling Windows Defender and stealing cookies, it was then able to steal Windows directory credentials and infect Linux devices.


"TrickBot has evolved to use a complex infrastructure that compromises third-party servers and uses them to host malware," Lumen's Black Lotus Labs disclosed last October. "It also infects consumer appliances such as DSL routers, and its criminal operators constantly rotate their IP addresses and infected hosts to make disruption of their crime as difficult as possible."

The groups responsible seem to often originate from Ukraine, Belarus and mostly Russia, this is because these countries have little to no jurisdiction and have even been accused of supporting cybercriminals. Joe Biden has already and recently pressed Vladimir Putin to stop providing a haven for the hacker groups. The botnet has overcome two attempts by Microsoft and the U.S Cyber Command to be taken down and the developers are creating components that mess with the firmware, allowing the hackers to plant a backdoor in the UEFI (Unified Extensible Firmware Interface) which allows it to avoid any antivirus detection software, updates, or even total wipes and reinstalls of the OS. Trickbot has supposedly been behind attacks on schools and hospitals, stealing login credentials and locking systems to demand payment.


Removal of malware from routers and hardware can be difficult for users, especially as the hacker groups are becoming more adept on how to completely override security systems and anti-virus software. But a ground-level tactic by Miscrosoft has been working well in Brazil and Latin America, where they have been working with internet service providers to go door-to-door to replace the routers that have been infected with the Trickbot malware.

It is very much an ongoing issue, but companies and the government are working towards eradicating this along with many other cybercriminals, and the Justice Department has charged a woman who allegedly helped to develop it this year.


Keep up-to-date with the latest tech industry insights, trends as well as information technologies, app development, and small business content with the Proteams Blog

Follow us on LinkedIn for updates on the latest tech news here

5 views0 comments

Recent Posts

See All