"Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware"

Security researchers at Check Point Research have discovered that a malicious live software service named TrickGate has been used by threat actors to bypass endpoint detection and response (EDR) protection software for over six years. The researchers found that several threat actors from groups such as Emotet, REvil, Maze, and more exploited the service to deploy malware. More specifically, the researchers estimated that, over the last two years, threat actors conducted between 40 and 650 attacks per week using TrickGate. Victims were located mainly in the manufacturing sector, but also in education, healthcare, finance, and business enterprises. The researchers noted that the attacks are distributed worldwide, with an increased concentration in Taiwan and Turkey. The most popular malware family used in the last two months is Formbook, accounting for 42% of the total tracked distribution. TrickGate managed to stay under the radar for years because it is transformative, undergoing periodic changes.

 

Infosecurity reports: "Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware"

Submitted by Anonymous on