
Cybercrime, TrickBot now uses an obfuscated batch script launcher

Bleeping Computer: TrickBot now uses an obfuscated batch script launcher to evade detection

TrickBot has new and advanced evasive capabilities. Bleeping Computer cybersecurity experts have reported them, explaining that one is its use of an obfuscated batch script launcher to jumpstart malicious executables. Because batch scripts need no interpreter other than Microsoft Windows' built-in command prompt, this evasion technique is self-contained and minimalistic. A scheduled task set up by the malware runs a BAT script, launcher.bat, which sits in the same directory as the executable it launches. TrickBot is commonly installed via malicious phishing emails or by other malware. Once installed, it runs quietly on the victim's computer while it downloads other modules to perform different tasks. It finishes an attack by giving access to cybercrime actors, who deploy either the Ryuk or Conti ransomware on the compromised network.
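A hunting heuristic for the persistence pattern described above, as an added example that is not from the article or from Bleeping Computer: it reads a scheduled task definition in Windows Task Scheduler's XML export format and flags actions that run a batch file stored next to an executable. The `triage` and `batch_target` helpers, the inventory dictionary, the directory paths and the `.exe` name are assumptions constructed for illustration; only `launcher.bat` comes from the text.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
BATCH_RE = re.compile(r'"([^"]+\.(?:bat|cmd))"|(\S+\.(?:bat|cmd))(?=\s|$)', re.I)

def batch_target(command, arguments):
    """Return the batch script an Exec action runs, or None."""
    command = command.strip().strip('"')
    if command.lower().endswith((".bat", ".cmd")):
        return command
    # Also cover actions of the form: cmd.exe /c "<path>\script.bat"
    if ntpath.basename(command).lower() in ("cmd", "cmd.exe"):
        m = BATCH_RE.search(arguments)
        if m:
            return m.group(1) or m.group(2)
    return None

def triage(task_xml, files_by_dir):
    """Flag Exec actions that run a batch file sitting next to an .exe.

    files_by_dir: {lowercased directory: [file names]} from a host inventory.
    """
    findings = []
    for ex in ET.fromstring(task_xml).iterfind(".//t:Actions/t:Exec", NS):
        script = batch_target(ex.findtext("t:Command", "", NS),
                              ex.findtext("t:Arguments", "", NS))
        if script is None:
            continue
        folder = ntpath.dirname(script).lower()
        exes = [f for f in files_by_dir.get(folder, []) if f.lower().endswith(".exe")]
        findings.append({"script": script, "colocated_exes": exes,
                         "suspicious": bool(exes)})
    return findings

# Constructed sample data: the paths and the .exe name are placeholders.
TASK = r'''<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions><Exec>
    <Command>cmd.exe</Command>
    <Arguments>/c "C:\Users\Public\sample dir\launcher.bat"</Arguments>
  </Exec></Actions>
</Task>'''
BENIGN = TASK.replace("sample dir", "scripts")
INVENTORY = {r"c:\users\public\sample dir": ["launcher.bat", "payload_placeholder.exe"],
             r"c:\users\public\scripts": ["launcher.bat"]}

if __name__ == "__main__":
    for name, xml in (("TASK", TASK), ("BENIGN", BENIGN)):
        print(name, triage(xml, INVENTORY))
```

A hit is a triage signal for an analyst to review, since legitimate software also schedules batch files that sit beside executables.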
