One of the Internet’s most aggressive threats could take UEFI malware mainstream
Enlarge (credit: Getty Images)
One of the Internet's most aggressive threats has just gotten meaner, with the ability to infect one of the most critical parts of any modern-day computer.
Trickbot is a piece of malware that's notable for its advanced capabilities. Its modular framework excels at gaining powerful administrator privileges, spreading rapidly from computer to computer in networks and performing reconnaissance that identifies infected computers belonging to high-value targets. It often uses readily available software like Mimikatz or exploits like EternalBlue stolen from the National Security Agency.
Once a simple banking fraud trojan, Trickbot over the years has evolved into a full-featured malware-as-a-service platform. Trickbot operators sell access to their vast number of infected machines to other criminals, who use the botnet to spread bank trojans, ransomware, and a host of other malicious software. Rather than having to go through the hassle of ensnaring victims themselves, customers have a ready-made group of computers that will run their crimeware.
Read 10 remaining paragraphs | Comments