TrickBot malware operation shuts down, devs move to stealthier malware

The TrickBot malware operation has shut down after its core developers moved to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families.

TrickBot is a notorious Windows malware infection that has dominated the threat landscape since 2016.

The malware is commonly installed via malicious phishing emails or other malware, and will quietly run on a victim's computer while it downloads modules to perform different tasks.

These modules perform a wide range of malicious activities, including stealing a domain's Active Directory Services database, spreading laterally on a network, screen locking, stealing cookies and browser passwords, and stealing OpenSSH keys.

TrickBot also has a long relationship with ransomware operations that partnered with the TrickBot group to receive initial access to networks infected by the malware.

In 2019, the TrickBot Group partnered with the Ryuk ransomware operation to provide the ransomware gang initial access to networks. In 2020, the Conti ransomware group, believed to be a rebrand of Ryuk, also partnered with TrickBot for initial access.

In 2021, TrickBot attempted to launch their own ransomware operation called Diavol, which has never really picked up steam, possibly because one of its developers was arrested.

Despite numerous takedown attempts by law enforcement, TrickBot had successfully rebuilt its botnet and continued to terrorize Windows networks.

That is until December 2021, when TrickBot distribution campaigns suddenly ceased.
