TrickBot Takes a Break, Leaving Researchers Scratching Their Heads

The infamous trojan is likely making some major operational changes, researchers believe.

The group behind the TrickBot malware is back after an unusually long lull between campaigns, according to researchers — but it’s now operating with diminished activity. They concluded that the pause could be due to the TrickBot gang making a large operational shift to focus on partner malware, such as Emotet.

A report from Intel 471 published on Thursday flagged a “strange” period of relative inactivity, where “from December 28, 2021 until February 17, 2022, Intel 471 researchers have not seen new TrickBot campaigns.”

Before the lull, an incident last November showed the TrickBot botnet being used to distribute Emotet, indicating that the collaboration with the group behind the Emotet malware is ongoing. Intel 471 also tied in a third group – the operators of the Bazar malware family – whose controllers were found “pushing commands to download and execute TrickBot (mid-2021) and Emotet (November 2021).”

The report noted how, in years past, malicious actors have used TrickBot to install Emotet on target machines, and vice versa. Researchers speculated that, this time around, “it’s likely that the TrickBot operators have phased TrickBot malware out

Read More: https://threatpost.com/trickbot-break-researchers-scratching-heads/178678/