The Redmond Cloud

Stealthy Trickbot Trojan Can Disable Windows Defender

Don’t look now, but there’s a new threat in town! Well, not exactly new, as Trickbot has been around for a while now. However, it is an evolving one, and things seem to have taken a turn for the worse.

The Trojan has added a new method targeting Windows 10 users, where it not only evades the security of the operating system, but also disables the Windows Defender protection.

Yikes!

If this is the first time you are hearing of this malware, then just know that it is a particularly stealthy banking Trojan that has been wreaking havoc since 2016. It is thought to have compromised somewhere around 250 million email accounts in its effort to distribute the malware payload.

The payload not only steals online banking credentials, but also clears out cryptocurrency wallets.

Microsoft is, obviously, on top of things here. The company has been front and center when it comes to tackling Trickbot campaigns — no surprises here as weaponized Word and Excel files are a favored approach for the malware maker.

But what makes the Trickbot Trojan particularly devastating, and without doubt one of the most dangerous pieces of malware out in the wild now, is how it targets Windows Defender.

That is to say, Windows 10 users that rely on this native protection to secure their computers.

To say that it goes the extra mile is an understatement, as the malware employs no fewer than 17 steps in an attempt to disable Windows Defender. These include deleting the Windows Defender service, terminating associated processes, disabling real-time protection and deactivating security notifications.

So, how to stay safe from this menace?

Well, one recommendation is to use the AppLocker feature, which lets you control which apps and files can run on your system. Another way to shield yourself from Trickbot is to use the Tamper Protection options that have been built into the OS.

These go alongside general computing best practices, including blocking access to the Windows Registry.

Terrifying.
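To see whether any of the Defender components named above have been switched off on a machine, a read-only health check like the following can be run from an elevated PowerShell prompt. This is an added example, not code from the article or from Microsoft; the article does not list which settings Trickbot changes, so the registry values checked here are an assumption (the standard Group Policy locations for these switches), and the function name `Test-DefenderHealth` is hypothetical.

```powershell
# Added example: checks the Defender components the article says Trickbot targets.
# Read-only; nothing on the system is changed. Run elevated on Windows 10.

function Test-DefenderHealth {
    $findings = @()

    # 1. Service deleted or stopped? WinDefend is the Defender antivirus service.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if (-not $svc) {
        $findings += 'WinDefend service is missing'
    } elseif ($svc.Status -ne 'Running') {
        $findings += "WinDefend service status is $($svc.Status)"
    }

    # 2. Real-time protection and Tamper Protection state as Defender reports it.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled)          { $findings += 'Antivirus engine disabled' }
        if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Real-time protection disabled' }
        if (-not $mp.IsTamperProtected)         { $findings += 'Tamper Protection is off' }
    } catch {
        # The cmdlet itself failing is a finding: the Defender provider is unavailable.
        $findings += "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }

    # 3. Policy values that turn off protection or notifications.
    #    Assumption: standard Group Policy locations, not a list taken from the article.
    $policyChecks = @(
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
           Name = 'DisableAntiSpyware' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
           Name = 'DisableRealtimeMonitoring' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications'
           Name = 'DisableNotifications' }
    )
    foreach ($c in $policyChecks) {
        $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        if ($v -eq 1) { $findings += "$($c.Name) = 1 under $($c.Path)" }
    }

    if ($findings.Count -eq 0) { 'OK: no Defender tampering indicators found' }
    else { $findings | ForEach-Object { "FINDING: $_" } }
}

Test-DefenderHealth
```

A finding here is not proof of Trickbot, since administrators and third-party antivirus products also change these settings, but an unexpected one on a machine that relies on Windows Defender is worth investigating.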
