Cyber attackers continue to move down the compute stack with the latest variant of TrickBot now targeting firmware for malicious manipulations. This is when it gets serious. The firmware sits below the operating system and is a perfect place for malware to hide from detection or eviction. It is very tough to accomplish, but if successful, the TrickBot authors may be able to perform a disappearing act to the frustration of security software.
The TrickBot botnet has already proven resilient and has continuously evolved since its introduction in 2016. Its authors are considered highly capable and very active.
Researchers are evaluating the new functionality, dubbed TrickBoot, to determine its limitations and see how dangerous it has become. A more clear picture should emerge in the next few weeks.
Comments