Check Point Research recently uncovered TrickGate, a shellcode-based packer that threat actors have used for more than six years to deploy a wide range of malware while evading detection. Arie Olshtein, a researcher at Check Point, called TrickGate a "Master of disguises" because of its ability to transform itself periodically. TrickGate is sold as a service to other threat actors: it conceals a payload behind a layer of wrapper code so that the payload slips past security solutions. Because the wrapper is what changes from build to build, it has been tracked under several names since 2019, including "new loader", Loncom, and "NSIS-based crypter". The manufacturing sector has been the primary target of the threat actors leveraging TrickGate, with the education, healthcare, government, and finance verticals also affected.

The infection chain starts with phishing emails carrying malicious attachments or booby-trapped links that lead to the download of a shellcode loader. This loader decrypts the actual payload and launches it directly in memory, so the final malware is never written to disk in its unpacked form. Check Point's analysis of the shellcode shows that it has been updated continually since 2016. For defenders, the practical consequence is that signatures for the wrapper are short-lived; detection that inspects the decrypted payload in memory or the loader's behaviour holds up better than signatures on any single TrickGate build.
This news item was published on thehackernews.com. Publication date: Tue, 31 Jan 2023 11:13:02 +0000