TrickBot Switches to a New Windows 10 UAC Bypass to Evade Detection


The TrickBot trojan has evolved again to bolster its ability to elude detection, this time adding a feature that can bypass Windows 10 User Account Control (UAC) to deliver malware across multiple workstations and endpoints on a network, researchers have discovered.

Researchers at Morphisec Labs said that last March they discovered code in recent TrickBot samples that uses the Windows 10 WSReset UAC bypass to circumvent User Account Control and deliver malware, according to a report released last week. UAC is a Windows security feature designed to prevent changes to an operating system by unauthorized users, applications or malware.

Source: ThreatPost