If you’re amongst those who trust Windows Defender to stay protected from malware, consider this as a warning.
A more advanced malware campaign is heading for Windows 10 built-in security software Windows Defender.
Hello TrickBot
TrickBot a password-stealing banking Trojan developed in 2016 has come out of shadows and is going that extra malware mile.
After targeting a wide array of international banks via webinject, to steal online banking details, browser information, cryptocurrency wallet and more, TrickBot is now aiming for Windows 10 security software – Windows Defender.
img src: trojan-killer.net
Here, we bring for you an insight of what TrickBot does? How TrickBot affects Windows 10 users and how to stay protected from it?
What does TrickBot Malware do?
Since 2016 TrickBot modular banking Trojan has compromised not less than 250 million email accounts and has distributed malware payload. Its newer version now has eyes on Windows Defender, Windows 10 – security software.
TrickBot deactivated this security software to prevent its detection and steal users’ financial information. When TrickBot Trojan is executed for the first time it starts a loader to gain admin access and disable Windows Defender services.
Methods like malicious spam campaigns, spear phishing, emails disguised as unpaid invoices or requests to update account information are used to install Trojan itself.
Deactivation of Windows Defender
This is what makes TrickBot hazardous and dangerous. Its latest strain is so advanced that it can not only bypass Windows Defender but can disable it. This means Windows 10 users who trust Windows Defender to stay protected from malware threats are at risk.
Not less than 17 steps are employed to disable Windows Defender. This includes disabling, terminating and deleting WinDefend service, the process associated with Windows Defender.
How Windows Defender is disabled?
To disable Windows Defender a Windows policy is added that deactivates Windows Defender, its real-time protection and security notifications.
In some cases, if this method doesn’t alternate ways like changing registry settings, PowerShell commands are used to stop Windows Defender.
With that said, the first question that comes to our mind is can we stay protected from TrickBot?
Stopping such Trojan from causing harm isn’t easy but by blocking access to Windows Registry and making sure that user doesn’t have admin rights we can make things tricky for TrickBot.
In addition to this, you can use security programs like Advanced System Protector to detect and delete TrickBot and similar threats.
Also, AppLocker a feature included in Windows 10 that most users aren’t aware of can be enabled.
AppLocker helps to control which apps should run. This includes scripts, executable files, Windows Installer files, DLLs, packages app installers and more.
Our recommendation is Advanced System Protector as it helps to protect home and business users. To avoid risking your data you can download the product now. further, for time being avoid installing Microsoft 365 updates.
We will be updating this post from time to time as new information is received.
Follow us:
Leave a Reply