Don’t look now, but there’s a new threat in town! Well, not exactly new, as Trickbot has been around for a while now. However, it is an evolving one, and things seem to have taken a turn for the worse.
The Trojan has added a new method targeting Windows 10 users, where it not only evades the security of the operating system, but also disables the Windows Defender protection.
If this is the first time you are hearing of this malware, then just know that it is a particularly stealthy banking Trojan that has been wreaking havoc since 2016. It is thought to have compromised somewhere around 250 million email accounts in its effort to distribute the malware payload.
The payload not only steals online banking credentials, but also clears out cryptocurrency wallets.
Microsoft is, obviously, on top of things here. The company has been front and center when it comes to tackling Trickbot campaigns — no surprises here as weaponized Word and Excel files are a favored approach for the malware maker.
But what makes the Trickbot Trojan particularly devastating, and without doubt one of the most dangerous such malware out in the wild now, is how it targets Windows Defender.
That is to say, Windows 10 users that rely on this native protection to secure their computers.
To say that it goes the extra mile is an understatement, as the malware employs no less than 17 steps in an attempt to disable Windows Defender. These include deleting the Windows Defender service, terminating associated processes, disabling real-time protection and deactivating security notifications.
So, how to stay safe from this menace?
Well, a few recommendations are using the AppLocker feature that lets you control which apps and files can run on your system. There is also another way to shield yourself from Trickbot, and that is by using the Tamper Protection options that have been built into the OS.
These, alongside the general computing best practices, including blocking access to Windows Registry.