As if the world didn’t have enough to worry about right now, it’s been discovered that hackers have updated the trickbot malware to specifically target telecom firms as well as the education and financial service sectors.

That’s according to research just published by a US cyber security firm who warned the industry that the new version of trickbot has likely been active for two months already and appears to be targeting financial data and intellectual property (IP’s).

The new version of trickbot malware (we won’t dignify it by capitalising it), known as rdpScanDIII, has been specially created to conduct brute-force attacks on Remote Desktop Protocols (RDPs).

According to the data released and based on the IP addresses being targeted researchers believe telecom companies are being targeted for the possible purpose of espionage.

The new version of the software relies on command-and-control (C2) servers, and as you may know… those are predominantly based in Russia and Northern Europe.

Initially the trickbot malware will download a list of targets, usernames and passwords from said C2 servers. Then, after it’s checked the target is running an RDP service it will carry out a manually ordered brute-force attack on the list of domains.

First discovered back in 2016, trickbot malware was created as a banking Trojan, looking for any sensitive information it could get, however, the modular nature of the malware means it’s far too easy to modify it to perform different types of malicious activities.

That modular nature is probably the main reason it’s, unfortunately, become one of the most sophisticated forms of malware attack on the globe today.

With over a dozen known modules that include:

• Reconnaissance software enabling attackers to steal information on systems
• Software packages that allow a worm-like spread
• Remote Admin Programmes to access compromised systems

In January, cyber-security experts warned that the cyber-criminals behind the trickbot malware have now expanded its offensive capabilities with a  PowerShell-based backdoor, enabling them to target high-value businesses.

The new Trickbot backdoor is designed for persistence, stealth, and reconnaissance on compromised machines.