Check Point Research (CPR) recently uncovered a malicious software service, known as TrickGate, that has been used by cybercriminals for over six years. TrickGate is a packer: it lets malicious actors deploy malicious code while avoiding detection by antivirus programs. Researchers have identified a few key points that have enabled TrickGate to remain undetected for so long. Firstly, packers can contain any kind of payload, so one packer can be used to wrap many different malicious samples. Secondly, packers can be changed regularly, allowing them to evade detection by security products.

CPR was able to trace the service back to a single operation and found that numerous threat actors have used it to deploy malware. It is estimated that 40 to 60 attacks have been conducted each week over the last two years, with the manufacturing industry being the most targeted. Other industries such as education, healthcare, finance, and business enterprises have also been affected. The attacks have been distributed all over the world, with an increased concentration in Taiwan and Turkey. The most popular malware family used in the last two months is Formbook, which accounts for 42% of the total tracked distribution.

CPR security researcher Arie Olshtein has gone into technical depth, explaining that the attack flow of TrickGate involves the malicious program being encrypted and then packed with a special routine. This is designed to prevent the system from detecting the payload.

The advisory concludes with the need for more attention to be given to packers, as they provide a way to detect threats at an early stage. The only way to counter attackers' ability to keep transforming their malware is to give packers the same attention that is given to the malware itself. Researchers can now use TrickGate as a focal point to detect new or unknown malware.
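One reason packers are worth a defender's attention is that an encrypted payload looks different from ordinary code or data: its bytes are close to uniformly random. The following is an added example of that generic heuristic, not code from CPR's report or from TrickGate itself. It computes Shannon entropy over fixed windows of a file image and flags windows above a threshold, which is how a triage script might surface a suspected packed or encrypted region before any unpacking. The sample bytes, the window size, the 7.0 bits-per-byte threshold and the function names are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter
from typing import Dict, List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a single repeated value, 8.0 for a uniform spread."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, window: int = 512,
                         threshold: float = 7.0) -> List[Tuple[int, int, float]]:
    """Slide a non-overlapping window over data and return (start, end, entropy)
    for every window whose entropy reaches the threshold. Values near 8 bits
    per byte are typical of encrypted or compressed content; plain code and
    text usually sit well below 7."""
    regions = []
    for start in range(0, len(data) - window + 1, window):
        chunk = data[start:start + window]
        ent = shannon_entropy(chunk)
        if ent >= threshold:
            regions.append((start, start + window, round(ent, 3)))
    return regions


def _opaque_blob(length: int) -> bytes:
    """Deterministic stand-in for an encrypted payload (constructed): a SHA-256
    counter stream, so the example runs offline and gives the same bytes every time."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:length])


# Constructed sample image: a low-entropy "loader stub" of repetitive
# ASCII and zero padding (1024 bytes) followed by a 2048-byte opaque blob.
STUB = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.\r\n" * 4
STUB += b"\x00" * (1024 - len(STUB))
SAMPLE = STUB + _opaque_blob(2048)


def analyze(image: bytes = SAMPLE) -> Dict[str, object]:
    """Summarise where the suspicious (high-entropy) region begins and how much of the image it covers."""
    regions = high_entropy_regions(image)
    covered = sum(end - start for start, end, _ in regions)
    return {
        "total_len": len(image),
        "flagged_windows": len(regions),
        "first_flagged_offset": regions[0][0] if regions else None,
        "flagged_fraction": round(covered / len(image), 3) if image else 0.0,
    }


if __name__ == "__main__":
    for start, end, ent in high_entropy_regions(SAMPLE):
        print(f"suspicious window {start:#06x}-{end:#06x}: {ent} bits/byte")
    print(analyze())
```

Entropy alone is a triage signal, not a verdict: legitimate compressed resources, certificates and media also score high, so in practice the flagged offsets are what you hand to a sandbox or an unpacker rather than something you alert on directly.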
This news item was published on www.hackread.com. Publication date: Thu, 02 Feb 2023 22:39:02 +0000