Trickbot is using MikroTik routers to ply its trade. Now we know why
For years, malicious hackers have been hacking large fleets of MikroTik routers and conscripting them into Trickbot, one of the Internet’s most destructive botnets. Now, Microsoft has finally figured out why and how the devices are being put to use.
Trickbot came to light in 2016 as a trojan for stealing account passwords for use in bank fraud. Since then, it has mushroomed into one of the Internet’s most aggressive threat platforms, thanks to its highly modular, multi-stage malware framework that provides a full suite of tools that are used to install ransomware and other forms of malware from other hacking groups.
The malware driving Trickbot is notable for its advanced capabilities. It excels at gaining powerful administrator privileges, spreading rapidly from computer to computer in networks, and performing reconnaissance that identifies infected computers belonging to high-value targets. It often uses readily available software like Mimikatz or exploits like EternalBlue stolen from the National Security Agency.