After evading law enforcement takedown attempts for the past four years, TrickBot's days are now numbered, as it will soon be replaced by the BazarBackdoor malware.
The reason is that the top members of TrickBot have joined the Conti ransomware syndicate according to a new report by cybercrime and adversarial disruption company Advanced Intelligence (AdvIntel).
For those unfamiliar, TrickBot is a Windows malware platform that uses multiple engines to perform a variety of malicious activities. TrickBot's developers have teamed up with ransomware gangs to take over and infect millions of devices around the world since 2016.
While the Ryuk ransomware gang initially worked with TrickBot to gain access to its technology, that group was replaced by the Conti ransomware gang, which has used TrickBot's malware to gain access to corporate networks over the past year. According to AdvIntel, the group that has managed the various TrickBot campaigns is an elite cybercriminal branch called Overdose, which has raked in at least $200 million from its nefarious online activities.
Under new management
Last year, security researchers from AdvIntel found that Conti had become the sole user of TrickBot’s botnet product. However, by the end of 2021, Conti had essentially taken over TrickBot, with several elite developers and managers joining the ransomware gang.
What sets Conti apart from other ransomware gangs is that it uses a “trust-based, team-based” model rather than working with random partners. As a result, the group was better at evading law enforcement than many of its competitors.
Going forward, the Conti ransomware group plans to use TrickBot’s newer product, the BazarBackdoor malware, as it is more stealthy and harder to detect. Although BazarBackdoor used to be part of TrickBot’s larger toolkit, it has since grown into its own fully autonomous tool, according to AdvIntel.
While the TrickBot malware's day may be over, the Conti ransomware group will continue to target companies using BazarBackdoor. At the same time, TrickBot's former leaders are now operating under the direction of Conti, and the group will likely use their talents to launch even more attack campaigns.
This article was previously published by BleepingComputer.