Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems.

These sophisticated attacks exploit a critical vulnerability (CVE-2022-31199) in the widely used Netwrix Auditor server and its associated agents.

This vulnerability enables unauthorized attackers to execute malicious code with the SYSTEM user's privileges, granting them unrestricted access to compromised systems.

The TrueBot malware, linked with cybercriminal collectives Silence and FIN11, is deployed to siphon off data and disseminate ransomware, jeopardising the safety of numerous infiltrated networks.

The cybercriminals gain their initial foothold by exploiting the cited vulnerability, then proceed to install TrueBot. Once they have breached the networks, they install the FlawedGrace Remote Access Trojan (RAT) to escalate their privileges, establish persistence on the compromised systems, and conduct additional operations.

"During FlawedGrace's execution phase, the RAT stores encrypted payloads within the registry. The tool can create scheduled tasks and inject payloads into msiexec[.]exe and svchost[.]exe, which are command processes that enable FlawedGrace to establish a command and control (C2) connection to 92.118.36[.]199, for example, as well as load dynamic link libraries (DLLs) to accomplish privilege escalation," the advisory says.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.