Despite recent takedown efforts, persistent Trickbot operators are back with a new module call "Trickboot" that detects UEFI/BIOS firmware vulnerabilities. The Trickbot malware is no longer only at threat to Windows users - it is now targeting Linux systems as well.

 

Security researchers have discovered the notorious Trickbot malware has changed and is now targeting firmware.

The malware, often used by threat actors to drop ransomware, has garnered much attention over the past few months with multiple takedown attempts, including a technical disruption reportedly led by U.S. Cyber Command. Microsoft led a legal takedown in October, which offered a temporary pause in activity. Despite those efforts, Trickbot operators have updated the malware with new capabilities.