Security researchers have detected a new Trickbot campaign just a few months after Trickbot operations were shut down by a coalition of cybersecurity and technology companies. Trickbot is one of the longest-lived botnets on the internet and represents a major threat to businesses and other organizations because it serves as a distribution platform for the infamous Ryuk ransomware and other threat actors.
Trickbot first appeared as a banking Trojan and later evolved into malware that is well known among cyber criminals and has been used for various types of cyber attacks. In October 2020, Microsoft, along with several federal agencies and some security firms, dismantled the infrastructure behind Trickbot. However, security researchers have since identified an ongoing malware campaign that they believe to be a Trickbot operation.
The campaign mainly targets legal and insurance companies by sending phishing emails that contain a link redirecting to a server that downloads a malicious payload. This is a typical technique used by Trickbot campaigns, and analysis of this payload indicates that it connects to domains that are known to distribute Trickbot malware. Hence it is evident that Trickbot is again rising as a major threat to several organizations, and proper security patches must be applied in order to avoid Trickbot attacks.