The Trickbot Trojan has been revised with a new set of anti-reverse engineering features including the capability to crash computers if analysis tools are detected.
Over the years, Trickbot has evolved from its original state as a banking Trojan to a wider suite of malicious components.
Following the retirement of Dyre in 2016 and the disruption of the Emotet botnet by law enforcement in 2021, Trickbot has filled the gap for many threat actors. It is now used to steal financial data and to facilitate the execution of ransomware, and its versatile, modular nature has also made it a popular option for deploying other forms of malware.
“Between takedown attempts and a global pandemic, it has been diversifying its monetization models and growing stronger,” researchers from IBM Trusteer say.
In a new report on the malware’s current development, IBM Trusteer has found that Trickbot’s usage continues to escalate, and that samples of recent Trickbot injections have revealed new features designed to prevent analysis.
Reverse engineering in cybersecurity aims to dissect a malware sample, dismantling the code to find out how it operates — and potentially how to defend against it. There are three major lines of defense used by the