A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet.
The module, dubbed “rdpScanDll,” was discovered on January 30 and is said to be still in development, said cybersecurity firm Bitdefender in a report shared with The Hacker news.
According to the researchers, the rdpScanDll brute-forcing module has so far attempted to target 6,013 RDP servers belonging to enterprises in telecom, education, and financial sectors in the U.S. and Hong Kong.
The malware authors behind TrickBot specialise in releasing new modules and versions of the Trojan in an attempt to expand and refine its capabilities.
“The flexibility allowed by this modular architecture has turned TrickBot into a very complex and sophisticated malware capable of a wide range of malicious activities, as long as there is a plugin for it,” the researchers said.
“From add-ons for stealing OpenSSH and OpenVPN sensitive data, to modules that perform SIM-swapping attacks to take control of a user’s telephone number, and even disabling Windows built-in security mechanisms before downloading its main modules, TrickBot is a jack-of-all-trades.”
images from Hacker News