TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection

LASER_oneXM

The TrickBot Trojan has received an update that adds a UAC bypass targeting the Windows 10 operating system so that it infects users without displaying any visible prompts.
A UAC bypass allows programs to be launched without displaying a User Account Control prompt that asks users to allow a program to run with administrative privileges.
 

Gandalf_The_Grey

To prevent malware from exploiting this UAC bypass technique, the security researcher recommends that users stop using administrator accounts as their default users, and set the UAC level to “Always notify,” just to be on the safe side.
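
An added example, not part of the thread: a PowerShell audit of the two mitigations recommended above (the UAC level, and whether the logged-on account is an administrator). It assumes the standard Windows UAC policy values under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`; the function names are made up for this example.

```powershell
# Added example: audits the two mitigations recommended in the post above.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    # Map the UAC policy registry values to the Control Panel slider positions.
    $p       = Get-ItemProperty -Path $PolicyKey
    $consent = $p.ConsentPromptBehaviorAdmin
    $secure  = $p.PromptOnSecureDesktop -eq 1
    if ($p.EnableLUA -ne 1)          { return 'UAC disabled' }
    if ($consent -eq 2 -and $secure) { return 'Always notify' }
    if ($consent -eq 5 -and $secure) { return 'Default (notify on app changes only)' }
    if ($consent -eq 5)              { return 'Notify on app changes, no secure desktop' }
    if ($consent -eq 0)              { return 'Never notify' }
    return "Custom (ConsentPromptBehaviorAdmin=$consent)"
}

function Test-AdminGroupMember {
    # whoami also lists deny-only groups, so the result is correct from a
    # non-elevated prompt. S-1-5-32-544 is the built-in Administrators group.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes
    return [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })
}

$level   = Get-UacLevel
$isAdmin = Test-AdminGroupMember

$findings = @()
if ($level -ne 'Always notify') {
    $findings += "UAC level is '$level'; the recommended setting is 'Always notify'."
}
if ($isAdmin) {
    $findings += 'Current account is a member of Administrators; use a standard account for daily work.'
}

[pscustomobject]@{
    User          = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    UacLevel      = $level
    IsAdminMember = $isAdmin
    Compliant     = ($findings.Count -eq 0)
}
$findings | ForEach-Object { Write-Warning $_ }
```

The script only reads settings and can be run from a normal, non-elevated PowerShell prompt.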
 

Sampei Nihira

.....As more users move to Windows 10 and as Windows Defender matures, more malware has begun to target the operating system and its security features.....

W.XP = 2 vs W.10 = 0

If any MT member is interested, OSA also has a specific rule (which in my version can create many FPs, so better to check subsequent versions) for protection from Fodhelper.

**** Added ***

Regarding the GootKit trojan I inform you that in OSA there is a specific rule for WMIC which therefore interrupts the sequence of possible infection.
 