Windows Defender Vulnerabilities: How the Latest Malware Can Disable It
Quote:
[Image: heimdal-logo.svg]

Trickbot and its sneaky ways of disabling Windows Defender without your knowledge. Why you can’t rely on system defenses alone.

Are you relying only on the built-in defenses in your Windows 10 operating system for security? This was never a good idea, but lately it has become even more dangerous. Windows Defender vulnerabilities were uncovered by researchers, far surpassing what users could have expected.

During the past months and even before that, the world of cybersecurity has held its breath over Trickbot updates. The banking Trojan has been around since 2016 and according to recent forensics of it, it has compromised over 265 million email accounts. While the malware is not exactly new, the trickiest part about it (pun intended) is how it manages to adapt.

The most worrisome part of its evolving trajectory is its ability to disable Windows Defender. The latest cybersecurity analysis has revealed that in its latest campaign, Trickbot has been targeting Windows 10 users. Especially in corporate environments (but also inside plenty of home devices), this is the operating system of choice.

How Does Trickbot Work?

Trickbot has been around since 2016 and has managed to be a stressful threat ever since. Targeting both individuals and companies, it is a jack of many trades. Every time security has it pinned down and thinks that a permanent counter has been found, Trickbot resurfaces in an altered form.

This is not about the usual change all malware strains go through to evade detection by simple antiviruses. Generally, malware developers (hackers) change just a few lines of code to make the malware appear different.

Trickbot’s History of Adapting to Defensive Software

Not so with Trickbot. In this case, whenever Trickbot got reinvented, it also resurfaced with a changed strategy. That’s the main reason why it hasn’t yet been completely eradicated. At the moment, small businesses are the most endangered by Trickbot’s activity.

Over its 3 years of activity, Trickbot wore many disguises and targeted various entities and systems, depending on what was deemed more vulnerable at the time. When it first emerged, it seemed to borrow heavily from Dyreza, a previous banking Trojan. It also stole data from users via malicious spam.

From its initial emergence, Trickbot proved to be impressively adaptable. It changed tactics from scam emails sending warnings about unpaid bills to account update phishing emails. It could propagate either through infected URLs or malicious email attachments.