TrickBot Group Adds New PowerShell-Based Backdoor to Arsenal

PowerTrick is essentially a custom version of PowerShell Empire and can be used to download additional malware, according to SentinelOne.

Russia's infamous TrickBot organized cybercrime group has a new trick up its sleeve for high-value targets — a custom fileless PowerShell-based backdoor designed for stealth, persistence and reconnaissance inside infected networks.

SentinelOne, which has been tracking the malware, has dubbed it PowerTrick. In a blog post Thursday, the vendor described the new malware as having capabilities similar to those of the PowerShell Empire open source penetration-testing tool, but being harder to detect because it is custom developed.

Vitali Kremez, lead cybersecurity researcher at SentinelOne's SentinelLabs, says PowerTrick is a fileless post-exploitation tool that TrickBot operators are using to stealthily drop additional malware on systems belonging to organizations the group perceives as being of high value.
