If you are someone who relies on “Windows Defender” on Windows 10 to protect your device from malware threats, you should know about the new version of TrickBot malware that attempts to disable the antivirus software altogether.
TrickBot Trojan isn’t exactly new as it surfaces from time to time. The last we heard about TrickBot was a couple of weeks ago when it managed to infect nearly 250 million Gmail accounts with new cookie stealing abilities.
For the uninitiated, TrickBot is a trojan that tries to steal bank account information, crypto wallets, browser data, and other credentials saved on your PC and browser.
Every time TrickBot surfaces, it has newly added capabilities. This time, it has the ability to disable Windows Defender and deploys about 17 steps to achieve it.
According to Bleeping Computer, TrickBot tries to delete the WinDefend service and terminates associated processes. It also adds a DisableAntiSpyware Windows policy to disable Windows Defender.
It goes the extra malware mile by disabling Windows Defender real-time protection and Windows security notifications. Bleeping Computer’s report states:
“These methods utilize either Registry settings or the Set-MpPreference PowerShell command to set Windows Defender preferences.”
By blocking access to the Windows Registry and removing a user’s admin rights by default, TrickBot can be prevented from disabling Windows Defender.
That being said, a lot depends on how advanced the particular strain of TrickBot is because it appears to download additional payloads “to gain higher system privileges once executed.”
Windows 10 users can make use of AppLocker to control which apps and files they can run. It covers executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
Another thing Windows 10 users should check is whether “Tamper Protection” is enabled or not. This feature usually remains ‘On’ by default and as long as it is enabled, Windows 10 users should be relatively safe from getting their Windows Defender disabled.
One thing we can say for sure is that the authors of TrickBot are constantly adding new tricks and methods to bypass security so you should keep your device as secure as possible.