The newly created “PowerTrick” backdoor leaves the malware ready to accept new commands, and victim organizations perpetually exposed to whatever the malware’s creators think of next.
It’s bad enough to be infected with a sophisticated piece of malware that offers multiple attack capabilities to suit whatever its operators need. But this new version of the malware from the cybercriminal group known as TrickBot puts their most valuable targets, usually financial institutions, at even higher risk.
According to security researchers at SentinelOne, TrickBot’s latest malware contains a stealthy backdoor tool, dubbed “PowerTrick”, that establishes persistence, allows for reconnaissance, and accepts future commands, making the malware updatable and extensible as TrickBot sees fit over time.
This is dangerous stuff; whatever the scheme is today, with this new post-exploitation tool in place, TrickBot can easily launch a new attack within already-compromised organizations down the road.
And, while TrickBot has mostly focused on the finance sector, the PowerTrick approach will simply be the next technique adopted by other malware creators, making an extensible backdoor a standard part of the attack. So, organizations in every vertical should take note and put measures in place to come as close as possible to ensuring that no malware can infect endpoints.
This should include Security Awareness Training to reinforce the need for users to remain vigilant, on the assumption that some small percentage of malware will get past security solutions. Users who undergo this training are cognizant of the need to be watchful for emails and web content that seem suspicious in nature.
PowerTrick is just the first of what will likely become many extensible malware backdoors. You should assume we’ll be seeing more of this kind of methodology from malware creators, and take steps today to prevent infection.