An international team of specialists carried out a clean-up operation against the Trickbot botnet, which has infected more than one million computers since 2016.
The first attempt to disarm the botnet was recorded by KrebsOnSecurity. At the time, however, it was not known for certain who was behind it.
According to the Washington Post, the US military was involved in the operation to disable the botnet. According to the newspaper's account, Trickbot is controlled by "Russian-speaking criminals" and could potentially threaten the elections in the United States.
The campaign is not intended to disable the botnet completely, but to exert a permanent influence on the adversary, the publication writes, citing anonymous sources.
Microsoft later published a statement on the operation to disrupt Trickbot, carried out in conjunction with an international group of partners.
In addition to Microsoft's Digital Crimes Unit, the group included specialists from ESET, NTT, Black Lotus Labs and others.
"We have disabled key infrastructure so that Trickbot operators cannot initiate new infections or activate extortion programs already loaded into computer systems," Microsoft said in a statement.
Jean-Ian Boutin, Head of Threat Research at ESET, stressed that Trickbot is one of the largest and longest-living botnets:
"It is one of the most widespread families of banking malware, threatening Internet users around the world. The banking trojan steals credentials from online accounts and tries to make fraudulent transfers."
ESET representatives told ForkLog that specialists have recently seen a series of Trickbot attacks on systems already compromised by another major botnet, Emotet.
In a conversation with Bleeping Computer, Boutin noted that cybersecurity specialists contacted law enforcement agencies during the operation, but that he was unaware of its connection to the US military campaign against Trickbot.
The Black Lotus Labs report said that the specialists' efforts would make the hackers' work more difficult and increase the cost of restoring some of the destroyed infrastructure. However, this may not completely eliminate the threat, says Black Lotus Labs.
Originally known as a banking trojan, Trickbot was later used not only to steal personal data and credentials, but also to spread Ryuk ransomware.