The TrickBot malware is coming back with a more established VNC module that could spy on a person through a machine.

Cybersecurity researchers said that the notorious gang behind the malware has developed it to compromise more systems in different places.

New TrickBot Malware Module Used in Monitoring

2020 Saw Sharp Rise In Global Cybercrime
(Photo : Sean Gallup/Getty Image)
BERLIN, GERMANY - JANUARY 25: In this photo illustration a young man types on an illuminated computer keyboard typically favored by computer coders on January 25, 2021 in Berlin, Germany. 2020 saw a sharp rise in global cybercrime that was in part driven by the jump in online retailing that ensued during national lockdowns as governments sought to rein in the coronavirus pandemic.

According to a technical report written by Bitdefender Labs on Monday, July 12, the new module of the TrickBot malware has paved the way for more effective spying on its victims.

The cyberattacks of criminals have become even harder to detect since they conceal the data transmissions from the servers. The experts added that TrickBot is not showing any signs that it would stop soon.

In 2016, the malware was called a banking Trojan.

Now with the new module, TrickBot becomes "trickier" to catch since it could compromise infrastructures even though in offline mode. The malware accesses the compromised devices through the actors, which utilize the botnets.

When hacked devices have malware, it becomes even harder to decrypt the infected files. This proves that the Russian hackers only find ways to improve the capability of the malware. It could reveal confidential details about a user, as well as it could install another ransomware by infecting the healthy systems with the modules.

Read Also: Guess, an American Clothing Brand Reveals About Data Breach; DarkSide Ransomware Most Likely the Culprit

TrickBot is Evolving Through its Module

Despite the authorities trying to shut it down, the TrickBot malware still lives.

Microsoft managed to deal with it but its plan is still not enough to ensure that it won't come back anymore. Many infrastructures still suffer from infection through malware. Even the appliances at home, such as routers, could be infected through collecting information about the IP address and network name.

Hackernews reported on Tuesday, July 13, that the upgraded "vncDll" module now transforms into "tvncDll" for its improved version. It can now spy on a person without him/her knowing while stealing chunks of data.

It's even getting more serious since the malware could now install more malware payloads and launch a series of attacks that would destroy the system.

According to the researchers, there was a "viewer tool," which the ransomware gang utilizes to access victims' profiles in C2 servers.

Microsoft said that it would continue to coordinate with the ISPs (internet service providers) to put an end to the TrickBot malware that compromises routers across Latin America and Brazil. The Redmond company also plans to stop its operations in Afghanistan since its damages have gone beyond.

How to Remove TrickBot

According to Make Use Of, TrickBot malware is avoidable if you learn to follow the steps on how to deal with it. Here are they:

  • Start with educating employees with knowledge about cybersecurity and how phishing works.

  • Use malware-detecting tools

  • Separate the infected machines from the healthy ones

  • Change all passwords and disable administrative shares

  • Use a multi-layer protection program that will block it in real-time

  • Block IP addresses that look suspicious

Related Article: [BEWARE] New Malware Strains Trickbot and Emotet Can Bypass Antivirus Software! Here's its Trick!

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2021 All rights reserved. Do not reproduce without permission.