Getty Images / iStockphoto

According to their own statements, cyber security experts have discovered a new component of the Trickbot malware that carries out the local network investigation.

Called masrvThe component contains a copy of the open source Masscan utility to scan local area networks for other systems with open ports that could be attacked at a later date.

The idea behind masrv is to put the component on newly infected devices, send a series of masscan commands, let the component scan the local network and upload the scan results to a Trickbot command and control server.

If the scan finds systems with confidential or management ports that remain open on an internal network – which is very common in most organizations – the Trickbot group can deploy other modules that specialize in exploiting these loopholes and move sideways …



Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.