TrickBot, One of the Most Widespread Botnet Malware, Has Found a New Trick to Attack Computers


The hackers responsible for TrickBot can now infect their victims' devices more deeply, making the malware more difficult to detect and remove.


TrickBot is one of the best-known pieces of malware today, and it has become the most active cybercrime network of the moment, a botnet. It is composed of at least one million hijacked computers infected with the TrickBot malware and, according to reports from computer security agencies, it is reportedly administered by cybercriminals of Russian origin.


Microsoft, along with other cybersecurity companies, tried to kill it a month ago, but it is persistent. This resistance seems to have its origin in a new trick the cybercriminals have discovered to infect the machine more deeply.


The trick is to infect the most basic and indispensable part of the computer, the one without which nothing else would work: the UEFI. The Unified Extensible Firmware Interface is the generational replacement for the BIOS (Basic Input/Output System), which has been present in the startup of computers for more than 40 years and which UEFI has been progressively replacing in new computers and devices for almost a decade.


The function of UEFI in a computer is basically to connect the hardware with the software code and give the instructions for the machine to boot. Other malware like TrickBot is also adopting this strategy of infecting UEFI files in order to run even before the operating system itself has started, making its removal impossible: no matter whether the system is reinstalled, partitions are formatted, or even the hard drive is replaced, the virus is still there.


Computer UEFIs are already equipped with protection mechanisms to avoid these situations, but the cybercriminals seem to have found a way around them, a security hole that allows them to carry out the attack and hide behind the UEFI.


The security firms AdvIntel and Eclypsium are the ones that detected the new component of the Trojan that the hackers behind TrickBot use to infect the machines of millions of victims.


Vitali Kremez, AdvIntel cybersecurity researcher and CEO of the company, explained to Wired that "The group is looking for novel ways to achieve very advanced persistence in systems, to survive software updates and get into the firmware core." If the firmware of a computer is infected, "the possibilities are endless, from destruction to takeover of the basically complete system," Kremez adds.

