Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware

A malicious software service named TrickGate has been used by attackers for over six years to bypass endpoint detection and response (EDR) protection software.

The findings come from Check Point Research (CPR) and were shared with Infosecurity earlier today. As described in the new advisory, the research identified multiple threat actors, including the Emotet, REvil, and Maze groups, that have exploited this service to deploy malware.

More specifically, CPR estimates that attackers used TrickGate to launch between 40 and 650 attacks per week over the past two years. Victims were primarily in the manufacturing sector, but also in education, healthcare, finance, and business.

“Attacks are distributed around the world, with increasing concentrations in Taiwan and Turkey,” CPR wrote.

According to CPR, TrickGate has managed to stay under the radar for years because of its transformative nature: it undergoes regular changes.

“While the packer wrapper has changed over time, key building blocks within the TrickGate shellcode are still in use today,” the advisory reads.

From a technical perspective, CPR security researcher Arie Olshtein writes that the malicious program is encrypted and packed with a special routine. This routine is designed to bypass protected systems and prevent them from detecting the payload, both statically and at runtime.

Additionally, Ziv Huyan, manager of the CPR Malware Research and Protection Group, told Infosecurity that the team connected the dots from previous research, pointing to a single operation that appears to be offered as a service.

“The fact that many of the biggest threat actors in recent years have chosen TrickGate as their tool of choice to overcome their defense systems is noteworthy,” Huyan explains.

“We have observed the emergence of TrickGate written using different file types, utilizing different types of code languages. However, the core flow remained relatively stable. The same technology is still used today.”

Another malware designed to avoid detection is SparkRAT, which was recently expanded by the DragonSpark group to target East Asian organizations.
