Activity of the TrueBot downloader trojan botnet, which is associated with the Silence threat operation linked with Evil Corp, increased significantly last month, reports The Hacker News.
New TrueBot malware attacks may have been facilitated through software update lures. According to a VMware report, intrusions begin with a drive-by download of an "update.exe" file via Google Chrome; the executable then connects to a Russia-based TrueBot IP address to retrieve a second-stage executable. Data exfiltration follows once that executable communicates with the command-and-control domain.
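The chain described above (browser drops an executable into a user-writable folder, the executable runs with the browser as its parent, then opens an outbound connection) is a pattern endpoint telemetry can catch. The following is an added detection example, not code from the article, The Hacker News, or VMware; it runs over constructed sample events with placeholder addresses (no real TrueBot indicators), and it generalizes slightly beyond the text by matching any executable launched from a downloads/temp directory by a browser, not only a file named update.exe.

```python
"""Added example (not from the article or the VMware report): flag a browser-
dropped executable that runs and then opens an outbound connection, the
sequence the article attributes to the TrueBot "update.exe" lure."""
import re

# Constructed sample telemetry; hosts, pids and destinations are placeholders,
# not real indicators. Each dict is one endpoint event, roughly Sysmon-shaped.
SAMPLE_EVENTS = [
    {"ts": 1, "host": "ws01", "type": "process_create", "pid": 100,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"ts": 2, "host": "ws01", "type": "file_create", "pid": 100,
     "path": r"C:\Users\alice\Downloads\update.exe"},
    {"ts": 3, "host": "ws01", "type": "process_create", "pid": 200,
     "image": r"C:\Users\alice\Downloads\update.exe",
     "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"ts": 4, "host": "ws01", "type": "network_connect", "pid": 200,
     "dest": "203.0.113.10:443"},
    # Benign control case: a vendor updater launched by the service manager,
    # not by a browser, should not alert even though it is also "update.exe".
    {"ts": 5, "host": "ws02", "type": "process_create", "pid": 300,
     "image": r"C:\Program Files\Vendor\update.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"ts": 6, "host": "ws02", "type": "network_connect", "pid": 300,
     "dest": "198.51.100.7:443"},
]

# Parent processes that indicate "the user downloaded and ran this".
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Directories a drive-by download typically lands in.
USER_WRITABLE = re.compile(r"\\(downloads|temp|appdata)\\", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_browser_dropped_executables(events):
    """Return (host, image, dest) for each process that a browser spawned from
    a user-writable directory and that later opened an outbound connection."""
    suspects = {}   # (host, pid) -> image of a browser-spawned executable
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        if ev["type"] == "process_create":
            if (basename(ev["parent_image"]) in BROWSERS
                    and USER_WRITABLE.search(ev["image"])):
                suspects[key] = ev["image"]
        elif ev["type"] == "network_connect" and key in suspects:
            alerts.append((ev["host"], suspects[key], ev["dest"]))
    return alerts


if __name__ == "__main__":
    for host, image, dest in find_browser_dropped_executables(SAMPLE_EVENTS):
        print(f"ALERT {host}: browser-dropped {image} connected to {dest}")
```

The browser-parent plus user-writable-path condition is what separates the lure from legitimate updaters, which are normally started by a service or installer; a real deployment would key on more than pid (pids are reused) and would add the second-stage retrieval and C2 domain stages the article describes.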
"TrueBot can be a particularly nasty infection for any network. When an organization is infected with this malware, it can quickly escalate to become a bigger infection, similar to how ransomware spreads throughout a network," said VMware researcher Fae Carlisle.
The findings come amid the emergence of other new downloader malware, including an updated variant of the GuLoader malware, also known as CloudEyE, which SonicWall researchers found could evade analysis.
Organizations in the government, real estate, telecommunications, retail, and other sectors across the U.S., Africa, and the Middle East have been subjected to intrusions under the new CL-STA-0002 threat cluster.