January 5, 2022
Trip’s books
https://www.tripelix.com/merch
#trickbot #malware #windows #microsoft #ransomware
“BazaCall” or “BazarCall” is a support scam that entices victims to download and run a malicious Excel spreadsheet that infects a vulnerable Windows computer with BazaLoader (also called BazarLoader) malware. This infection process involves a fake support center and support person who guides you through the process. This video shows an example of how someone might get infected.
IBM X-Force has been tracking the activity of ITG23, a prominent cybercrime gang also known as the TrickBot Gang and Wizard Spider. Researchers are seeing an aggressive expansion of the gang’s malware distribution channels, infecting enterprise users with Trickbot and BazarLoader. This move is leading to more ransomware attacks — particularly ones using the Conti ransomware.
https://securityintelligence.com/posts/trickbot-gang-doubles-down-enterprise-infection/
Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware aren’t sitting idle. According to new findings shared by cybersecurity firm Netscout, TrickBot’s authors have moved portions of their code to Linux in an attempt to widen the scope of victims that could be targeted.
https://thehackernews.com/2020/10/trickbot-linux-variants-active-in-wild.html
Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware’s back-end infrastructure.
https://thehackernews.com/2020/10/trickbot-computer-virus.html
The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti.
https://thehackernews.com/2021/10/attackers-behind-trickbot-expanding.html
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
https://www.cybereason.com/blog/threat-analysis-report-from-shatak-emails-to-the-conti-ransomware
The operators of TrickBot trojan are collaborating with the Shathak threat group to distribute their wares, ultimately leading to the deployment of Conti ransomware on infected machines.
https://thehackernews.com/2021/11/trickbot-operators-partner-with-shatak.html
Trickbot (aka TrickLoader or Trickster) is a successor of the Dyre banking Trojan that was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. Trickbot was first discovered in October 2016. Just like Dyre, its main functionality was initially the theft of online banking data. However, over time, its tactics and goals have changed. Currently Trickbot is focused on penetration and distribution over the local network, providing other malware (such as Ryuk ransomware) with access to the infected system, though that’s not the only functionality it supports.
Today we took action to disrupt a botnet called Trickbot, one of the world’s most infamous botnets and prolific distributors of ransomware. As the United States government and independent experts have warned, ransomware is one of the largest threats to the upcoming elections. Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust.
https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
Trip Elix is an author, podcaster and video personality. Over the last 30 years, he has worked as a security analyst and privately as a consultant, investigator, forensic technician, and skip tracer. He is the author of books and gives talks on security and privacy.