TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators

Feb 25, 2022 | CYBERSCOOP

The operators of TrickBot have essentially shut down the notorious malware, multiple reports say, but evidence suggests the gang has begun using other platforms or folded operations into another cybercrime group altogether.

Researchers at Intel471 and AdvIntel noted a sharp dip in recent TrickBot activity in separate reports Thursday, even though the command-and-control infrastructure for the malware remains operational.

Intel471 said “it’s likely that the Trickbot operators have phased Trickbot malware out of their operations in favor of other platforms,” probably Emotet — a development researchers have been tracking for months.

AdvIntel’s Yelisey Boguslavskiy, meanwhile, said in his report that TrickBot’s operators had been subsumed into Conti, a Russia-linked cybercrime group known for offering “ransomware as a service” packages to its affiliates. Researchers previously had noted TrickBot connections with Conti.

“In name, at least, this means that TrickBot’s four-year saga is now coming to a close — the liaison that has defined the cybercrime domain for years has been reborn into a newer, possibly even deadlier form,” Boguslavskiy wrote. “However, the people who have led TrickBot throughout its long run will not simply disappear. After being ‘acquired’ by Conti, they
