TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection


Feb 4, 2016
The TrickBot Trojan has received an update that adds a UAC bypass targeting the Windows 10 operating system so that it infects users without displaying any visible prompts.
A UAC bypass allows programs to be launched without displaying a User Account Control prompt that asks users to allow a program to run with administrative privileges.


Apr 24, 2016
To prevent malware from exploiting this UAC bypass technique, the security researcher recommends that users stop using administrator accounts as their default users, and set the UAC level to “Always notify,” just to be on the safe side.
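The two recommendations in the post above can be audited on a Windows 10 machine with the following PowerShell script. This is an added example, not code from the thread or from any tool mentioned in it; it assumes Windows PowerShell 5.1 or later (for Get-LocalGroupMember) and reads the documented UAC policy values under HKLM.

```powershell
# Added example (not from the thread): audits the two recommendations above on the local
# Windows 10 machine. ConsentPromptBehaviorAdmin uses Microsoft's documented meanings;
# value 2 together with PromptOnSecureDesktop=1 is the "Always notify" slider position.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPosture {
    # Missing values read as $null and are coerced to 0, which fails the check below.
    $p = Get-ItemProperty -Path $PolicyKey
    [pscustomobject]@{
        EnableLUA                  = [int]$p.EnableLUA
        ConsentPromptBehaviorAdmin = [int]$p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = [int]$p.PromptOnSecureDesktop
    }
}

function Test-AlwaysNotify {
    param([Parameter(Mandatory)]$Posture)
    # "Always notify" = UAC enabled, prompt for consent on the secure desktop (2),
    # secure desktop switching enabled. The default slider position (5) is what
    # silent auto-elevation bypasses depend on, so it is reported as a finding.
    return ($Posture.EnableLUA -eq 1 -and
            $Posture.ConsentPromptBehaviorAdmin -eq 2 -and
            $Posture.PromptOnSecureDesktop -eq 1)
}

function Test-CurrentUserIsLocalAdmin {
    # Checks group membership rather than the token: a non-elevated session of an
    # administrator account carries a filtered token, so IsInRole() would report false.
    $me = "$env:USERDOMAIN\$env:USERNAME"
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name }
    return [bool]($admins -contains $me)
}

$posture = Get-UacPosture
$findings = @()
if (-not (Test-AlwaysNotify -Posture $posture)) {
    $findings += "UAC is not at 'Always notify' (EnableLUA=$($posture.EnableLUA), " +
                 "ConsentPromptBehaviorAdmin=$($posture.ConsentPromptBehaviorAdmin), " +
                 "PromptOnSecureDesktop=$($posture.PromptOnSecureDesktop))"
}
if (Test-CurrentUserIsLocalAdmin) {
    $findings += "Daily-use account '$env:USERNAME' is a member of local Administrators"
}
if ($findings.Count -eq 0) {
    Write-Output 'OK: UAC at Always notify and current user is not a local administrator'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it from the account you use day to day, not from an elevated prompt, so the membership check reflects the account the malware would actually land in.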

Sampei Nihira

Dec 26, 2019
"... As more users move to Windows 10 and as Windows Defender matures, more malware has begun to target the operating system and its security features ..."

W.XP = 2 vs W.10 = 0

If any MT member is interested, OSA has a specific rule (which in my version can create many FPs, so it is better to check subsequent versions) for protection from Fodhelper as well.

*** Added ***

Regarding the GootKit trojan, I inform you that OSA has a specific rule for WMIC, which therefore interrupts the sequence of a possible infection.