1 min read

Trickbot Activity Increases; new VNC Module On the Radar

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Trickbot Activity Increases; new VNC Module On the Radar

Trickbot has been around since late 2016, when it appeared in the form of a banker and credential-stealing application. Drawing inspiration from Dyre (or Dyreza), Trickbot consists of an ecosystem of plugin modules and helper components. The Trickbot group, which has infected millions of computers worldwide, has recently played an active role in disseminating ransomware.

We have been reporting on notable developments in Trickbot’s lifecycle, with highlights including the analysis in 2020 of one of its modules used to bruteforce RDP connections and an analysis of its new C2 infrastructure in the wake of the massive crackdown in October 2020.

Despite the takedown attempt, Trickbot is more active than ever. In May 2021, our systems started to pick up an updated version of the vncDll module that Trickbot uses against select high-profile targets. This module, known as tvncDll, is used for monitoring and intelligence gathering. It seems to be still under development, since the group has a frequent update schedule, regularly adding new functionalities and bug fixes.

In addition to upgraded modules, Bitdefender has noted a significant increase in command-and-control centers deployed around the world.

This new research focuses on an updated VNC module, which includes new functionalities for monitoring and intelligence gathering.

Additionally, Bitdefender researchers have identified the software application that the attackers use to interact with the victims through the C2 servers. This tool is described in a dedicated chapter.

A complete analysis of the new component can be found in the researcher paper available below. An up-to-date and complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users.

Download the whitepaper

tags


Author



Right now

Top posts

Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

November 08, 2021

2 min read
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

September 16, 2021

2 min read
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike
Filip TRUȚĂRăzvan GOSAAdrian Mihai GOZOB
4 min read
New FluBot and TeaBot Global Malware Campaigns Discovered New FluBot and TeaBot Global Malware Campaigns Discovered
Bitdefender

January 26, 2022

10 min read
Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer
Bitdefender

January 19, 2022

2 min read