Hidden Desk Top Installed by Trickbot Malware
Target: Online banking users.
Attack Vector: Virtual Desktop in Windows.
Summary: Trickbot malware has seen a recent surge in activity, driven by a the addition of a new module, making it very powerful tool. It allows an attacker to compromise and gain full control of a target machine, in some cases without the victim even being aware. This new module uses a technique more commonly associated with RATs (Remote Access Trojans), called “Hidden VNC” (virtual network computer) and allows attackers to gain full user-level access to a target machine. The new module appears to be still in development and could evolve into a fully working RAT module.
Risk assessment summary: The threat is assessed as 3c MODERATE. If successful, this backdoor Trojan technique installs Trickbot malware inside infected systems. Due to the advanced module, it can be difficult to detect any changes in system behaviors. Therefore, the Trickbot malware can lie undetected and enable an attacker to steal documents. gather information on the connected system, server types, network drives, mac addresses, computer names and IP addresses. The risk is also heightened as the Trickbot malware may be expanded further to have full RAT capabilities.