TrickBot cybercrime ring develops fileless backdoor


By Dylan Bushell-Embling
Tuesday, 14 January, 2020

TrickBot cybercrime ring develops fileless backdoor

The Russian cybercrime ring behind the TrickBot banking Trojan has developed a new fileless backdoor to adapt to the new age of cybersecurity controls, according to SentinelLabs researchers.

The TrickBot enterprise, which has shifted focus to enterprise environments, is using the PowerShell-based PowerTrick backdoor to bypass restrictions and security controls and monitor high-value infected systems post compromise.

PowerTrick can execute commands over a repurposed TrickBot module named NewBCtest, with the first command being downloading a larger backdoor.

The threat actors also commonly utilise other PowerShell utilities to conduct various tasks, such as pivoting an infection to another framework and to expand to other systems.

The attack also involves using PowerShell to delete any existing files that did not execute properly and to perform lateral movement inside an enterprise environment to high-value systems such as financial gateways.

“Their offensive tooling such as PowerTrick is flexible and effective, which allows the TrickBot cybercrime actors to leverage them to augment on the fly and stay stealthy as opposed to using larger more open source systems such as PowerShell Empire,” SentinelLabs’ Chief Researcher Vitali Kremez said.

Image credit: ©stock.adobe.com/au/maciek905

Related News

DigiCert acquires Valimail to boost email security

DigiCert has acquired DMARC provider Valimail in a bid to enhance its email authentication...

Akamai adds secure browser to ZTNA portfolio

Akamai has partnered with Seraphic to incorporate secure enterprise browser capabilities into its...

Rubrik announces CrowdStrike Falcon integration

Rubrik has announced the integration of its Rubrik Identity Resilience solution with the...


  • All content Copyright © 2025 Westwick-Farrow Pty Ltd