Hackers Update Notorious TrickBot Malware to Evade Detection
The TrickBot malware variant, commonly used before ransomware deployments and designed to steal information, has been updated to evade detection, according to Palo Alto Networks.
The notorious Trickbot malware variant, frequently used prior to the deployment of ransomware and other malware, has been updated to evade detection, according to new research from Palo Alto Networks Unit 42. Its propagation module known as “mworm,” is now an “nworm,” which leaves no traces on a victim’s computer and disappears after a reboot or shutdown.
Since April 2020, the hackers have ceased using the mworm module altogether and are now primarily leveraging nworm. And researchers noted that TrickBot infections on the DC do not survive a system reboot.
“A TrickBot infection caused by the new mworm module is run from system RAM and does not appear to...