New TrickBot Version Focuses on Microsoft's Windows Defender (Jul 30, 2019)
A new version of TrickBot that targets Windows Defender has been identified by researchers at MalwareHunterTeam. TrickBot is a trojan that steals browser information, credentials, cryptocurrency, and online banking credentials. The new version specifically targets Microsoft's Windows Defender for removal in order to go undetected. The loader disables processes used by Windows Defender, along with Windows Security notifications and the program itself. This version of TrickBot adds more methods for disabling processes related to Windows Defender.
Recommendation: Methods for bypassing security are always evolving. Always practice Defence in Depth and do not rely on a single security mechanism: security measures should be layered, redundant, and failsafe.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.
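A host-side check for the behaviour described above (Windows Defender's processes and the program itself being disabled), as an added example that is not from the article or the researchers. The cmdlets, the `WinDefend` service name and the Defender event IDs are standard Windows ones, not indicators from this report; `Get-DefenderTamperFindings` and `LookbackHours` are hypothetical names.

```powershell
# Added example: list signs that Windows Defender has been switched off on this host.
# Function and parameter names are hypothetical; nothing here is an IOC from the report.
function Get-DefenderTamperFindings {
    [CmdletBinding()]
    param([int]$LookbackHours = 24)

    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. The Defender antivirus service should exist and be running.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if (-not $svc) { $findings.Add('WinDefend service not found') }
    elseif ($svc.Status -ne 'Running') { $findings.Add("WinDefend service is $($svc.Status)") }

    # 2. Protection state as reported by Defender itself.
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        foreach ($name in 'AntivirusEnabled', 'AntispywareEnabled',
                          'RealTimeProtectionEnabled', 'BehaviorMonitorEnabled') {
            if (-not $status.$name) { $findings.Add("Status: $name is False") }
        }
    } catch {
        # A failing status query is itself a finding: the engine may be stopped.
        $findings.Add("Get-MpComputerStatus failed: $($_.Exception.Message)")
    }

    # 3. Preferences that turn protection features off.
    try {
        $pref = Get-MpPreference -ErrorAction Stop
        foreach ($name in 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                          'DisableIOAVProtection') {
            if ($pref.$name) { $findings.Add("Preference: $name is True") }
        }
    } catch {
        $findings.Add("Get-MpPreference failed: $($_.Exception.Message)")
    }

    # 4. Recent Defender events: 5001 real-time protection disabled,
    #    5010/5012 scanning disabled, 5007 configuration changed (noisy, review in context).
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5007, 5010, 5012
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add("Event $($_.Id) at $($_.TimeCreated.ToString('s'))") }

    $findings   # empty output means no sign of tampering was found
}
```

Malware running with administrative rights can also interfere with a local check, so forward the findings to a central log or management system rather than trusting the host's own report alone.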