
New Trickbot module uses Masscan for local network reconnaissance


Cyber-security experts say they spotted a new component of the Trickbot malware that performs local network reconnaissance.

Named masrv, the component incorporates a copy of the Masscan open-source utility in order to scan local networks for other systems with open ports that can be attacked at a later stage.

The idea behind masrv is to drop the component on newly infected devices, send a series of Masscan commands, let the component scan the local network, and upload the scan results to a Trickbot command and control server.

If the scan finds systems with sensitive or management ports left open inside an internal network, which is very common in most companies, the Trickbot gang can then deploy other modules specialized in exploiting those loopholes and move laterally to infect new systems.
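From the defender's side, a sweep like this shows up as one internal host making mostly unanswered connection attempts to many internal peers in a short time. The sketch below is an added example, not code from the article or from the Kryptos Logic analysis; the record format, state labels (`S0`, `SF`), addresses and thresholds are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

def constructed_flows():
    """Constructed sample records: 'epoch src dst dport state' (S0 = no reply, SF = completed)."""
    flows = [f"{1200 + i} 10.0.5.23 10.0.5.{i} 445 {'SF' if i % 10 == 0 else 'S0'}"
             for i in range(1, 41)]                       # one host sweeping 40 neighbours
    flows += [f"{1205 + i} 10.0.5.40 10.0.5.10 445 SF" for i in range(30)]       # busy client, one server
    flows += [f"{1210 + i} 10.0.5.7 10.0.5.{100 + i} 22 SF" for i in range(25)]  # admin host, real sessions
    flows += ["1220 10.0.5.23 8.8.8.8 53 SF", "truncated record"]
    return flows

def find_internal_scanners(lines, window=60, min_hosts=20, min_failed_ratio=0.8):
    """Return {src_ip: distinct internal hosts probed} for sources that look like a sweep."""
    buckets = defaultdict(list)            # (src, window index) -> [(dst, state)]
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue                       # skip malformed records
        ts, src, dst, _port, state = parts
        try:
            internal = (ipaddress.ip_address(src).is_private
                        and ipaddress.ip_address(dst).is_private)
            slot = int(ts) // window
        except ValueError:
            continue
        if internal:                       # only east-west traffic is of interest here
            buckets[(src, slot)].append((dst, state))
    findings = {}
    for (src, _slot), events in buckets.items():
        hosts = {dst for dst, _ in events}
        failed = sum(1 for _, state in events if state != "SF") / len(events)
        # Many distinct peers AND mostly unanswered attempts separates a sweep
        # from a server's clients or an admin host with completed sessions.
        if len(hosts) >= min_hosts and failed >= min_failed_ratio:
            findings[src] = max(findings.get(src, 0), len(hosts))
    return findings

if __name__ == "__main__":
    print(find_internal_scanners(constructed_flows()))
```

Fixed time windows can split a sweep across a boundary and a slow scan stays under the host threshold, so a production rule would use a sliding window and a longer look-back.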

Most likely a test module for now

“Not overall novel — but strange for it to be included in Trickbot,” Suweera DeSouza, a malware analyst at Kryptos Logic, and the one who discovered masrv, told ZDNet today.

DeSouza said she believes the module is still being tested, something Trickbot has done with other modules in the past, which have often ended up being added to its large arsenal of second-stage components.

“We only came across one variant of this module,” DeSouza said.

“The recent module compiled was on December 4, 2020. Since then we haven’t come across the module being used again.”

A technical analysis and indicators of compromise for the new masrv Trickbot module, authored by DeSouza and her colleagues, are available on the Kryptos Logic blog.

Trickbot is the new king after Emotet’s demise

Other malware strains have also been known to include network reconnaissance modules, but such modules aren't a common sight.

After law enforcement agencies took down the Emotet malware botnet last week, Trickbot is now considered the de facto primary threat to corporate environments.

Trickbot itself narrowly survived a takedown attempt last fall. After several ups and downs, the botnet came back to life towards the end of January.

By ZDNet
