TrickBot Crashes Browser Tabs to Hinder Malware Analysis

TrickBot continues to evolve: the malware has recently been extended with new features that hinder its research, analysis, and detection. Its latest variants crash browser tabs when they identify that a script has been beautified.

TrickBot and How It Works

TrickBot is modular malware, meaning that hackers can deploy several modules, each of which triggers different malicious actions and cyberattacks. Here’s what TrickBot can do:

- Facilitate man-in-browser attacks for online banking credentials and active directory theft purposes
- Propagate further across the network
- Engage in data exfiltration/data egress
- Deploy payloads

According to BleepingComputer, this malware has recently been associated with ransomware families like Diavol, Conti, or Emotet. It’s leveraged to deploy payloads because of its efficiency and stealthiness.

What’s New with TrickBot: Anti-Analysis Features and More

Anti-analysis features have reportedly been added to this notorious malware. The report comes from IBM Trusteer’s researchers, who investigated recent samples and discovered some interesting facts.

The developers of TrickBot seem to use a set of base64 encoding and obfuscation layers to produce the script. These layers include replacement and extraction of strings, monkey patching, dead

Read More: https://heimdalsecurity.com/blog/trickbot-crashes-browser-tabs-to-hinder-malware-analysis/