TrickBot malware now crashes researchers’ devices to evade analysis

Since the return of TrickBot malware, researchers have been observing additional features and capabilities that make its detection and analysis tougher than ever.

The TrickBot banking trojan has evolved into a full-featured, multi-purpose crimeware-as-a-service, or CaaS. A majority of threat actors are employing TrickBot to deliver additional payloads, such as ransomware, to their targets.

What’s more, nearly a hundred different variations of the malware have been discovered so far. When a trojan is so much in demand by the cybercrime fraternity, it becomes a priority of its operators to ensure the trojan stays undetected by researchers.

According to IBM Trusteer’s latest report, operators behind TrickBot malware have fine-tuned its functionalities and added multiple defense layers to evade anti-malware software and protect it from inspection and research.

How TrickBot Prevents Reverse Engineering

In the cybersecurity community, reverse engineering is performed to analyze a malware sample and dissect and dismantle its code to understand how it operates or defends itself against anti-malware solutions. There are three main lines of defense the malware uses to prevent reverse engineering. The first trick is using server-side injections instead of loading them via infected machines.

The second trick is using HTTPS communications to fetch injections from its
