The TrickBot malware is coming back with a more established VNC module that can spy on a person through their machine.
Cybersecurity researchers said that the notorious gang behind the malware has developed it to compromise more systems in different places.
New TrickBot Malware Module Used in Monitoring
According to a technical report written by Bitdefender Labs on Monday, July 12, the new module of the TrickBot malware has paved the way for more effective spying on its victims.
The criminals' cyberattacks have become even harder to detect because they conceal the data transmissions from the servers. The experts added that TrickBot is showing no signs of stopping soon.
In 2016, the malware was called a banking Trojan.
Now, with the new module, TrickBot becomes "trickier" to catch since it could compromise infrastructure even while in offline mode. The malware accesses the compromised devices through the actors, who utilize the botnets.
When hacked devices have malware, it becomes even harder to decrypt the infected files. This proves that the Russian hackers only find ways to improve the capability of the malware. It could reveal confidential details about a user, and it could install another ransomware by infecting healthy systems with the modules.
TrickBot is Evolving Through its Module
Despite the authorities trying to shut it down, the TrickBot malware still lives.
Microsoft managed to deal with it, but its plan is still not enough to ensure that the malware won't come back. Many infrastructures still suffer from infection through malware. Even home appliances, such as routers, could be infected through the collection of information about the IP address and network name.
Hackernews reported on Tuesday, July 13, that the "vncDll" module has been upgraded and is now called "tvncDll" in its improved version. It can now spy on a person without their knowledge while stealing chunks of data.
It's getting even more serious since the malware could now install more malware payloads and launch a series of attacks that would destroy the system.
According to the researchers, there is a "viewer tool" that the ransomware gang utilizes to access victims' profiles in C2 servers.
Microsoft said that it would continue to coordinate with the ISPs (internet service providers) to put an end to the TrickBot malware that compromises routers across Latin America and Brazil. The Redmond company also plans to stop its operations in Afghanistan since its damages have gone beyond.
How to Remove TrickBot
According to Make Use Of, TrickBot malware is avoidable if you follow these steps for dealing with it:
Start by educating employees about cybersecurity and how phishing works.
Use malware-detecting tools
Separate the infected machines from the healthy ones
Change all passwords and disable administrative shares
Use a multi-layer protection program that will block it in real-time
Block IP addresses that look suspicious
This article is owned by Tech Times
Written by Joseph Henry