TrickBot malware has once again been spotted by cybersecurity researchers in the latest investigation. According to them, the operators behind this banking trojan have improved their tactics by fortifying the malware's defenses, so that its web injections can now evade scrutiny and even antivirus software.

TrickBot Malware is Getting Difficult to Remove

According to a report by IBM Trusteer on Monday, Jan. 24, the TrickBot operators have escalated their methods by adding protective layers to the malware's web injections.

This enhanced defense has been used before in online banking fraud, so security experts will have a hard time solving the issue. On top of that, the cybercriminals have been more active with TrickBot deployment since the Dyre trojan disappeared.

TrickBot first began as a banking trojan, but as cybersecurity practices became tighter, the operators had to keep up with these security measures. It evolved into a crimeware-as-a-service (CaaS) that relies on several affiliated actors to distribute ransomware payloads onto infected systems.

To date, several TrickBot variations have been discovered. The most notorious is the "TrickBoot" module, which compromises devices by modifying their UEFI firmware.

Multi-Stage Malware Propagation

Despite attempts to completely erase TrickBot, experts have had no success in eradicating this cyber nuisance. The operators only stepped up their methods and developed TrickBot into multi-stage malware responsible for spam and phishing incidents.

According to a report by The Hacker News, the once-dead Emotet malware was recently found to be piggybacking on TrickBot. The infection spreads further once the Cobalt Strike post-exploitation tool is dropped onto the system.

In line with this, researchers reported last month that nearly 140,000 systems in 149 countries had been hit by TrickBot.

Real-Time Web Injections

So far, IBM Trusteer has observed that stealing bank credentials has become effortless for the operators. It was discovered that TrickBot's real-time web injections can now evade detection. This shows that invading a banking portal is easier when users are directed to replica domains as part of a man-in-the-browser (MiTB) attack.

"To facilitate fetching the right injection at the right moment, the resident TrickBot malware uses a downloader or a JavaScript (JS) loader to communicate with its inject server," Michael Gal, a security web researcher at IBM, said.

He continued that the gang behind this dangerous cyberthreat was testing the waters after Dyre's demise six years ago. Amid the COVID-19 pandemic, the operations continued even as takedown attempts took place, according to Gal.

In addition, the operators have been refining their methods to earn more profit while continuously fine-tuning the current malware model.

Furthermore, TrickBot's anti-debugging feature relies on crashing the page by triggering a memory overload. This bars cybersecurity researchers from analyzing the injection and deploying a potential solution to exterminate the malware.

This article is owned by Tech Times

Written by Joseph Henry 

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.