SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Trickbot trojan re-emerges with a new module for spying
Description: After an attempted takedown, security researchers are seeing increased command and control (C2) traffic around the Trickbot malware. The botnet also has a new version of its “vncDll” module, which is used for monitoring and intelligence gathering. This module appears to be actively updated with bug fixes and additional functionality. Currently, it creates a virtual desktop that mirrors the target’s desktop and steals information by monitoring the screen. Trickbot traditionally downloads new payloads to carry out additional attacks, opens the target’s documents and email, and uploads data to the C2.
Reference: https://threatpost.com/trickbot-malware-virtual-desktop-espionage/167789/
Snort SIDs: 57948 - 57950
Title: Shlayer malware still using fake Flash updates
Description: Even though Adobe has discontinued support for Flash Player, attackers are still capitalizing on it. Operators behind the Shlayer malware send macOS users fake Flash Player update notifications, hoping to trick users into clicking on malicious links. The malware completes its install when the user downloads the malicious file. Shlayer is a well-known malware that has been targeting macOS users for at least three years. Once installed, Shlayer deploys adware on the affected machine and eventually fetches additional payloads, usually also adware.
Reference: https://www.technadu.com/flash-may-be-dead-shlayer-campaigns-still-using-it-disguise/290573/
Snort SIDs: 57919, 57920