Trickbot, the notorious botnet and banking Trojan, has a new trick up its sleeve.

According to new research by Eclypsium and Advanced Intelligence, the malware now “makes use of readily available tools to check devices for well-known vulnerabilities that can allow attackers to read, write or erase the UEFI/BIOS firmware of a device.” A threat actor leveraging this capability could use it to attack weaknesses in the booting process to install backdoors, firmware implants or even brick targeted devices.

Eclypsium and Advanced Intelligence researchers say the findings represent an “important advance” in Trickbot’s ever-evolving toolset, which is often used by other threat groups to gain an initial foothold in a targeted network before launching further attacks. The malware-delivering botnet has long tentacles – researchers have observed hundreds of thousands of newly infected devices over the past two months, peaking at 40,000 hijackings in a single day – and this new capability takes direct aim at vulnerabilities in the booting process, an area that is often overlooked within the cybersecurity ecosystem.
