Cyber security news for all


    Trojan TrickBot is now able to bypass Windows 10 security functions

    A new variant uses a bypass called Fodhelper. It relies on a legitimate Windows file that is supposed to help users run certain programs even without administrator rights.

    The TrickBot Trojan and Windows 10

    The Trojan TrickBot is now able to bypass Windows 10 security functions using a process that is supposed to help Windows 10 users run programs without administrator rights. The Trojan keeps learning: it can now bypass User Account Control (UAC) and go unnoticed by the user. Undetected means that the Trojan can gain admin rights without the user receiving visible prompts. The whole thing is based on the Windows 10 Fodhelper process, which is there to run programs without administrator rights. TrickBot is also programmed to first check which OS is running and then to start a bypass that works on it. In addition to the Fodhelper bypass for Windows 10, the bypass for Windows 7 is also known. Both workarounds have been known for years.

    Trojan TrickBot

    The Trojan bypasses User Account Control with the help of the Fodhelper UAC bypass, which comes from the legitimate Microsoft tool fodhelper.exe, located in the Windows\System32 folder. It allows other programs to be run without administrator rights. fodhelper.exe is a trusted Windows 10 file that TrickBot uses to run malicious code using the registry method while bypassing User Account Control. Since Windows 10 classifies fodhelper as trustworthy, an automatic elevation of user rights is possible without User Account Control intervening. There is also no prompt for programs that are started by Fodhelper.

    TrickBot takes advantage of this. Since there is no warning from User Account Control, users are unable to recognize that malware is running on their computer. Another example is the banking Trojan Rootkit, which also uses the Fodhelper bypass. TrickBot has been trying to turn off various Windows Defender scan options since July 2019. TrickBot made the headlines last July as the Trojan tried to bypass Windows Defender by disabling various scanning options. With the new trick, additional security functions are eliminated.
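
Because programs started by fodhelper.exe run without a UAC prompt, a process whose parent is fodhelper.exe is worth an alert. The following detection sketch is an added example, not part of the original article: the events are constructed samples that use Sysmon Event ID 1 field names, and the function names are hypothetical.

```python
import ntpath

# Constructed sample events (not real telemetry), shaped like Sysmon
# Event ID 1 (process creation) records.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\fodhelper.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "IntegrityLevel": "High"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\FodHelper.exe", "IntegrityLevel": "High"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "IntegrityLevel": "Medium"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\upd.exe",
     "ParentImage": r"c:\windows\system32\fodhelper.exe", "IntegrityLevel": "Medium"},
    {"Image": r"C:\Windows\System32\svchost.exe"},  # parent field missing
]

ELEVATED = {"high", "system"}


def exe_name(path):
    """Lower-cased file name of a Windows path (Windows paths ignore case)."""
    return ntpath.basename(path or "").lower()


def triage(event):
    """Return 'high', 'medium' or None for one process-creation event.

    Any child of fodhelper.exe is flagged; it is 'high' when the child
    already runs elevated, i.e. the elevation happened with no prompt.
    """
    if exe_name(event.get("ParentImage")) != "fodhelper.exe":
        return None
    level = (event.get("IntegrityLevel") or "").lower()
    return "high" if level in ELEVATED else "medium"


def scan(events):
    """Return (index, severity, child image) for every flagged event."""
    alerts = []
    for index, event in enumerate(events):
        severity = triage(event)
        if severity:
            alerts.append((index, severity, event.get("Image", "")))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```
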
