SilentTrinity

The SilentTrinity is a new hacking tool, which was spotted in a campaign carried out against the Croatian government recently. Malware experts couldn’t identify what hacking group is responsible for the attacks. However, this new threat has an interesting feature – the SilentTrinity malware does not leave behind any traces of its activity on the infected machine. This is done by the payload entering the RAM of the system. This makes the SilentTrinity malware much more difficult to spot for anti-spyware tools and minimizes the traces left of the unsafe activity greatly.

Propagation Method

The propagation method used by the authors of the SilentTrinity malware is spam emails masquerading as legitimate email sent by the Croatian Postal Service, even going as far as mimicking the original domain names of the institution. The emails would have a macro-laced attachment, which would contain the SilentTrinity’s payload.

A Prime Example of Fileless Malware

SilentTrinity does not make use of the user's hard drive and, instead, stores the primary corrupted Python script in the RAM (Random Access Memory.) Then the threat will connect to the attackers’ C&C (Command & Control) server. The main Python script allows SilentTrinity to communicate with the attacker's server and receive new tasks from there. However, it does not operate with the remote commands usually used by Trojans of this sort - instead, its authors feed it new Python scripts that will be executed in the compromised computer’s memory. The outcome of the actions of the newly introduced Python scripts is logged and transferred back to the attackers’ server, therefore providing them with the result produced by the attack module they used.

The data that is exchanged between the compromised machine and the server of the attackers is encrypted. The SilentTrinity malware could allow its authors to use it in a wide variety of ways once it is on the targeted system.

Once the Croatian authorities spotted the attack, they were able to halt it clear the infected system of the SilentTrinity malware. Even though this is good news for them, the attackers can decide to choose a new target at any point in time. Make sure that a legitimate anti-malware application is running to keep your system safe from the countless threats lurking online.