15 July 21, 11:52
(This post was last modified: 15 July 21, 11:54 by silversurfer.)
Quote:The Trickbot trojan is in resurgence mode, with its operators filling out infrastructure globally and releasing an updated version of its “vncDll” module, used for monitoring and intelligence gathering, researchers said.
According to an analysis this week from Bitdefender, there has been “a significant increase in [Trickbot] command-and-control (C2) centers deployed around the world,” in the wake of an October takedown by Microsoft and partners. Microsoft was able to disrupt the botnet that spreads the malware, but even at the time, researchers warned that the operators will quickly try to revive their operations.
That appears to be happening, and not just on the infrastructure side: Researchers said that Trickbot’s espionage module is under active development, with a frequent update schedule that applies improved functionality and bug fixes.
The latest version of the spy module makes use of virtual network computing (VNC): hence its name, vncDll. It essentially sets up a virtual desktop that mirrors the desktop of a victim machine and sets about using it to steal information. It’s been circulating since late May, researchers said.
Read more: Trickbot Malware Rebounds with Virtual-Desktop Espionage Module | Threatpost