TrickBot malware has been taken over by this notorious criminal gang

News
By published

Many of TrickBot's top members are now working for the Conti ransomware group

Hacker
(Image credit: ozrimoz / Shutterstock)

After evading law enforcement's takedown attempts over the past four years, TrickBot's days are now numbered as it will soon be replaced by the BazarBackdoor malware.

The reason being is that the top members of TrickBot have joined the Conti ransomware syndicate according to a new report from the cybercrime and adversarial disruption firm Advanced Intelligence (AdvIntel).

For those unfamiliar, TrickBot is a Windows malware platform that utilizes multiple modules to conduct a variety of malicious activities such as information and password stealing, infiltrating Windows domains, gaining access to corporate networks and delivering malware. The developers of TrickBot have partnered with ransomware gangs to take over and infect millions of devices around the world since 2016.

While the Ryuk ransomware gang first partnered with TrickBot to gain access to its technology, the group was replaced by the Conti ransomware gang which has been using its malware over the course of the past year to gain access to corporate networks. According to AdvIntel, the group that managed the various TrickBot campaigns is an elite division of cybercriminals known as Overdose which has brought in at least $200m from its nefarious activities online.

Under new management

Last year security researchers at AdvIntel noticed that Conti had become the only user of TrickBot's botnet product. By the end of 2021 though, Conti had essentially acquired TrickBot with multiple elite developers and managers joining the ransomware gang.

Read More

> Trickbot is no longer the world's leading malware threat

> US military officially confirms action against ransomware groups

> Ransomware is now a billion-dollar market

What sets Conti apart from other ransomware gangs is that it uses a “trust-based, team-based” model as opposed to working with random affiliates. As a result, the group has been better at evading law enforcement than many of its peers.

Going forward, the Conti ransomware group plans to use TrickBot's newer product, the BazarBackdoor malware, as it is stealthier and harder to detect. Although BazarBackdoor used to be a part of TrickBot's larger toolkit, it has since become its own fully autonomous tool according to AdvIntel.

While the TrickBot malware's day in the sun may be over, the Conti ransomware group will continue to target businesses using BazarBackdoor. At the same time, the former leaders of TrickBot are now operating under Conti's direction and the group will likely use their talents to launch even more attack campaigns.

Via BleepingComputer

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
ransomware avast
“Every organization is vulnerable” - ransomware dominates security threats in 2024, so how can your business stay safe?
Ransomware
8base ransomware site taken down in global police operation
Hands typing on a keyboard surrounded by security icons
35 years on: The history and evolution of ransomware
A person at a laptop with a cybersecure lock symbol floating above it.
Cybercrime gang targets victims with "triple threat" attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Lock on Laptop Screen
Clop ransomware lists Cleo cyberattack victims
Latest in Security
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
person at a computer
Many workers are overconfident at spotting phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Data Breach
Thousands of healthcare records exposed online, including private patient information
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
More about security
A graphic showing someone on a tablet working through a supply chain.

Security issue in open source software leaves businesses concerned for systems
person at a computer

Infamous ransomware hackers reveal new tool to brute-force VPNs
ViewSonic VP2788-5K Display

Viewsonic's 5K monitor finally goes on sale, but is it already too little too late to make a splash?

See more latest
Most Popular
ViewSonic VP2788-5K Display
Viewsonic's 5K monitor finally goes on sale, but is it already too little too late to make a splash?
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Maxtang SXRL-20 mini pc
This fanless PC looks like a giant heatsink and has one incredible feature: five, yes five, 4K-capable HDMI ports
Aoostar G-flip 370
There's no need for a monitor with this Ryzen AI-powered mini PC
The Ryzen AI Max+ 395 could power the latest generation of powerful mini PCs
This prototype mini PC demonstrates a massive leap forward for integrated graphics in a console form factor
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Minisforum AI X1 mini PC
Tiny Mac Mini rival can power four 8K monitors, and is the first mini PC to receive AMD's powerful Ryzen 7 260 APU
AOOSTAR G-FLIP mini PC
AMD powers the world's fastest all-in-one PC, and yes, I've probably overstretched the definition of AIO PC just a tiny bit
26TB WD Red Pro HDD
Western Digital introduces 26TB WD Red Pro HDDs for RAID and NAS systems at a surprisingly low price