TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection

LASER_oneXM

Level 37
Verified
Feb 4, 2016
2,592
The TrickBot Trojan has received an update that adds a UAC bypass targeting the Windows 10 operating system so that it infects users without displaying any visible prompts.
A UAC bypass allows programs to be launched without displaying a User Account Control prompt that asks users to allow a program to run with administrative privileges.

Gandalf_The_Grey

Level 42
Verified
Trusted
Content Creator
Apr 24, 2016
3,110
To prevent malware from exploiting this UAC bypass technique, the security researcher recommends that users stop using administrator accounts as their default users, and set the UAC level to “Always notify,” just to be on the safe side.
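The recommendation in the post above (no day-to-day admin account, UAC at "Always notify"), as an added PowerShell audit that is not part of the thread or of any product mentioned in it: it reads the UAC policy values, reports whether the current user is a local administrator, and flags the per-user ms-settings handler override that the fodhelper.exe auto-elevation bypass depends on. The registry paths and value names are standard Windows locations; the function name is this example's own.

```powershell
# Added example: audit UAC hardening and look for the fodhelper-style
# per-user handler override. Read-only; run on the host being checked.
function Test-UacHardening {
    $findings = @()

    # UAC policy lives here; "Always notify" is ConsentPromptBehaviorAdmin=2
    # with PromptOnSecureDesktop=1. The default (5) lets some signed Windows
    # binaries auto-elevate without a prompt, which bypasses abuse.
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $policy

    if ($uac.EnableLUA -ne 1) {
        $findings += 'UAC is disabled (EnableLUA is not 1)'
    }
    if ($uac.ConsentPromptBehaviorAdmin -ne 2 -or $uac.PromptOnSecureDesktop -ne 1) {
        $findings += ("UAC is not set to 'Always notify' " +
            "(ConsentPromptBehaviorAdmin=$($uac.ConsentPromptBehaviorAdmin), " +
            "PromptOnSecureDesktop=$($uac.PromptOnSecureDesktop))")
    }

    # Is the interactive user a member of the local Administrators group?
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = $id.Groups | Where-Object { $_.Value -eq 'S-1-5-32-544' }
    if ($isAdmin) {
        $findings += "Current user '$($id.Name)' is a local administrator"
    }

    # fodhelper.exe opens the ms-settings: protocol handler. A copy of that
    # handler under HKCU, which a standard user can write, is how the bypass
    # redirects the auto-elevated process; it has no legitimate reason to exist.
    $hijack = 'HKCU:\Software\Classes\ms-settings\Shell\Open\command'
    if (Test-Path -Path $hijack) {
        $cmd = Get-ItemProperty -Path $hijack
        $findings += ("Per-user ms-settings handler present: command='$($cmd.'(default)')', " +
            "DelegateExecute set: $($null -ne $cmd.DelegateExecute)")
    }

    return $findings
}

$result = Test-UacHardening
if ($result.Count -eq 0) { 'No UAC findings' } else { $result }
```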

Sampei Nihira

Level 6
Verified
Dec 26, 2019
287
.....As more users move to Windows 10 and as Windows Defender matures, more malware has begun to target the operating system and its security features.....

W.XP = 2 vs W.10 = 0

If any MT member is interested, in OSA it has a specific rule (which in my version can create many FPs so better to check subsequent versions) also for protection from Fodhelper.

*** Added ***

Regarding the GootKit trojan I inform you that in OSA there is a specific rule for WMIC which therefore interrupts the sequence of possible infection.