TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control – The Hacker News


Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers.

“By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds another persistence layer that helps malicious IPs evade detection by standard security systems,” Microsoft’s Defender for IoT Research Team and Threat Intelligence Center (MSTIC) said.


TrickBot, which emerged as a banking trojan in 2016, has evolved into a sophisticated and persistent threat, with its modular architecture enabling it to adapt its tactics to suit different networks, environments, and devices as well as offer access-as-a-service for next-stage payloads like Conti ransomware.

The expansion of TrickBot’s capabilities comes amid reports of its infrastructure going offline, even as the botnet has continually refined its features to make its attack framework durable, evade reverse engineering, and keep its C2 servers stable.


Specifically, the new method identified by MSTIC involves leveraging hacked IoT devices such as routers from MikroTik to “create a line of communication between the TrickBot-affected device and the C2 server.”


This also entails breaking into the routers by using a combination of methods, namely default passwords, brute-force attacks, or exploiting a now-patched flaw in MikroTik RouterOS (CVE-2018-14847), followed by changing the router’s password to maintain access.

In the next step, the attackers then issue a network address translation (NAT) command that’s designed to redirect traffic between ports 449 and 80 in the router, establishing a path for the TrickBot-infected hosts to communicate with the C2 server.
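A defender-side check for the NAT step described above, added here as an example (it is not Microsoft's or the article's code): it parses a constructed RouterOS `/export` excerpt and flags dst-nat rules that pair port 449 with port 80. The export line layout, the sample addresses and the rule set are assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed sample of a RouterOS "/export" excerpt (not taken from the
# article or from Microsoft's report). The third rule mirrors the 449 -> 80
# redirect the article describes; the others are ordinary rules.
SAMPLE_EXPORT = """\
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=10.0.0.5 to-ports=80
add action=dst-nat chain=dstnat dst-port=449 protocol=tcp to-addresses=192.0.2.10 to-ports=80
"""

# Port pairing named in the article: 449 forwarded to 80, or the reverse.
SUSPECT_PAIRS = {("449", "80"), ("80", "449")}

# key=value tokens; quoted values (e.g. comment="a=b") are kept intact.
KV = re.compile(r'(\S+?)=("[^"]*"|\S+)')


def parse_nat_rules(export_text: str) -> List[Dict[str, str]]:
    """Return the key=value fields of each 'add' line under /ip firewall nat."""
    rules: List[Dict[str, str]] = []
    in_nat = False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):          # section header switches context
            in_nat = line == "/ip firewall nat"
            continue
        if in_nat and line.startswith("add "):
            rules.append({k: v.strip('"') for k, v in KV.findall(line[4:])})
    return rules


def find_suspect_redirects(export_text: str) -> List[Dict[str, str]]:
    """dst-nat rules whose (dst-port, to-ports) matches the 449/80 pairing."""
    hits = []
    for rule in parse_nat_rules(export_text):
        if rule.get("action") != "dst-nat":
            continue
        pair = (rule.get("dst-port", ""), rule.get("to-ports", ""))
        if pair in SUSPECT_PAIRS:
            hits.append(rule)
    return hits


if __name__ == "__main__":
    for hit in find_suspect_redirects(SAMPLE_EXPORT):
        print("suspect dst-nat rule:", hit)
```

Run it against a real `/export` dump (for example one collected by your configuration-backup job) instead of `SAMPLE_EXPORT`; a hit only means the rule deserves review, since legitimate port forwards can use any port pair.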

While potential connections between TrickBot and compromised MikroTik hosts were hinted at in November 2018, this is the first time the exact modus operandi has been laid bare. With the malware reaching its limits last month and no new C2 servers registered since December 2021, it remains to be seen how the malware authors intend to take the operation forward.

“As security solutions for conventional computing devices continue to evolve and improve, attackers will explore alternative ways to compromise target networks,” the researchers said. “Attack attempts against routers and other IoT devices are not new, and being unmanaged, they can easily be the weakest links in the network.”

Source of this news: https://thehackernews.com/2022/03/trickbot-malware-abusing-hacked-iot.html
