Burt noted, Trickbot “has modular capabilities that constantly evolve, infecting victims for the operators’ purposes through a ‘malware-as-a-service’ model. Its operators could provide their customers access to infected machines and offer them a delivery mechanism for many forms of malware, including ransomware.”
Microsoft has not identified the operators of Trickbot, but its investigation suggests that they “serve nation-states and criminal networks for a variety of reasons.”
According to Burt, “In addition to maintaining modular capabilities for a variety of end purposes, the operators have proven adept at changing techniques based on developments in society. Trickbot’s spam and spearphishing campaigns used to distribute malware have included topics such as Black Lives Matter and COVID-19, enticing people to click on malicious documents or links. Based on the data we see through Microsoft Office 365 Advanced Threat Detection, Trickbot has been the most prolific malware operation using COVID-19 themed lures.”