TrickBot's arsenal recently expanded with a newly installed module that makes the attackers capable of launching brute-force attacks against hosts with RDP (Remote Desktop Protocol) open to the Internet. With home-office working environments having multiplied exponentially of late, this feature could become a great cause for concern.
A banking trojan, like any “common” trojan, is a malicious program that disguises itself as a real, harmless application. Its purpose is to steal sensitive information from users (login details, financial information, credit card details, etc.). In addition, banking trojans use various techniques to create botnets, steal login credentials, inject malicious code into browsers, and steal money.
On January 30th, the new module (known as “rdpScanDll”) was discovered; it is still being developed, refined and upgraded. Its creators provide TrickBot with new and more sophisticated capabilities on a regular and ongoing basis, so the fight against it requires more and more power and resources.
More information about TrickBot can be found at this link.
After infecting the victim, TrickBot creates an encrypted folder containing the malicious code and its configuration files, including a list of C&C (command-and-control) servers, which plugin to call, and which command to execute.
According to Bitdefender research, the ‘rdpScanDll’ plugin shares its configuration file with another plugin called ‘vncDll’, and communicates with the C&C servers using a standard URL format.
Most of the attacks still target the telecommunications sector, but education, finance (mainly banking) and R&D are also targeted.
As for the geolocation of targets, according to the Bitdefender research, the United States and Hong Kong are currently the most affected by the series of attacks.
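On the defender's side, brute-force attempts against an exposed RDP host show up in the Windows Security log as bursts of failed logons (Event ID 4625) from one source address. The sketch below is an added example, not code from the original article or from the Bitdefender research; the record layout, the sample events and the threshold of 10 failures in 5 minutes are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625        # Windows Security event: "An account failed to log on"
# 3 = network logon (RDP with NLA, but also e.g. SMB), 10 = RemoteInteractive
RDP_LOGON_TYPES = {3, 10}

def find_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return {source_ip: sorted usernames tried} for every source IP that
    produced at least `threshold` failed remote logons inside `window`.
    threshold/window are illustrative defaults (assumptions); tune per site."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> every username that IP has tried so far
    flagged = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != FAILED_LOGON or ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["ip"]
        if ip in ("", "-", "127.0.0.1", "::1"):  # no usable remote source
            continue
        q = recent[ip]
        q.append(ev["time"])
        users[ip].add(ev["user"])
        while ev["time"] - q[0] > window:        # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = sorted(users[ip])
    return flagged

# --- Constructed sample data (documentation IP ranges, invented usernames) ---
T0 = datetime(2020, 3, 20, 2, 0, 0)

def _ev(offset_s, ip, user, logon_type=3, event_id=FAILED_LOGON):
    # Hypothetical record layout for an exported event; not a Windows API format
    return {"time": T0 + timedelta(seconds=offset_s), "event_id": event_id,
            "logon_type": logon_type, "ip": ip, "user": user}

SAMPLE_EVENTS = (
    # One source cycling through common account names every 5 seconds
    [_ev(5 * i, "203.0.113.7", u) for i, u in enumerate(
        ["administrator", "admin", "user", "test", "backup", "guest"] * 2)]
    # A legitimate user mistyping a password twice, then logging on (4624)
    + [_ev(30, "198.51.100.20", "jsmith", 10), _ev(90, "198.51.100.20", "jsmith", 10),
       _ev(95, "198.51.100.20", "jsmith", 10, event_id=4624)]
    # A failed console logon (type 2) with no network source
    + [_ev(40, "-", "svc_local", 2)]
)

if __name__ == "__main__":
    for ip, names in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"possible RDP brute force from {ip}: tried {', '.join(names)}")
```

Because logon type 3 also covers other network logons, hits from this check are leads to correlate with connections to the RDP port rather than confirmed RDP attacks.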
How secure is your Home Office / Remote Desktop Access environment?
Are your solutions trustworthy?
Are the data of your company and of your employees secured despite the changed working conditions?
We are here to help you answer the questions above with our Offensive Division’s Home Office specific security assessment solutions!
We will provide more information about our Home Office packages soon at https://www.blackcell.io