TrickBot is back in the news. Fresh from reports that it had harvested some 250 million email addresses, the banking Trojan has resurfaced with new tricks, including the ability to disable Windows 10's built-in antivirus, Windows Defender, altogether.
Windows Defender ships with Windows 10 as the built-in antivirus, and Microsoft layers its enterprise Windows Defender Advanced Threat Protection on top of it, pitched as moving PC protection from isolated defenses to an interconnected, coordinated defense grid that is intelligent, simple to manage, and ever evolving.
But TrickBot has shown that this vaunted defense isn't foolproof: the latest variant can disable Windows Defender with a handful of tricks, including deleting the WinDefend service and then terminating its associated processes.
TrickBot also sets the DisableAntiSpyware Windows policy to turn Windows Defender off entirely, and additionally disables real-time protection and the Windows Security notification service.
Some protections are still available to Windows 10 users. Blocking write access to the relevant Windows Registry keys and removing local admin rights can stop TrickBot from disabling Windows Defender, because each of these steps needs elevated privileges. How well that line of defense holds depends on how advanced the particular TrickBot variant is, as the malware is known to download additional payloads in order to gain higher system privileges.
Above all, Windows 10 users should make sure the "Tamper Protection" feature is switched on. It is 'On' by default, but it is worth verifying, because this variant also tries to switch it off. With Tamper Protection enabled, the registry and PowerShell changes that disable Windows Defender are blocked, so users have much less to fear from this Trojan.
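The following PowerShell audit script is an added example, not part of the original article or of any published TrickBot analysis. It checks a Windows 10 host for each of the tampering indicators described above: a missing or stopped WinDefend service, the DisableAntiSpyware policy, real-time protection turned off, the Windows Security services disabled, and Tamper Protection switched off. The registry paths, the service names wscsvc and SecurityHealthService (assumed here to be what the article calls the Windows Security notification service), and the IsTamperProtected property of Get-MpComputerStatus are assumptions about a current Windows 10 build; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original article): audit a Windows 10 host for the
# Defender-tampering indicators described above. Run in an elevated PowerShell.
# Assumptions: the Defender cmdlets (Get-MpPreference, Get-MpComputerStatus) are
# available, and the registry keys and service names below are the ones a
# TrickBot-style attacker would touch.

$findings = @()

# 1. Is the WinDefend service still present and running? The malware deletes it
#    and kills its processes, so a missing or stopped service is a red flag.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if (-not $svc) {
    $findings += "WinDefend service is missing (deleted?)"
} elseif ($svc.Status -ne 'Running') {
    $findings += "WinDefend service is $($svc.Status), expected Running"
}

# 2. DisableAntiSpyware policy: a value of 1 under this policy key turns Defender off.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$das = (Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
if ($das -eq 1) {
    $findings += "DisableAntiSpyware policy is set to 1 under $policyKey"
}

# 3. Real-time protection: check both the policy value and the live preference,
#    since it can be disabled through either the registry or Set-MpPreference.
$rtpKey = Join-Path $policyKey 'Real-Time Protection'
$rtpPolicy = (Get-ItemProperty -Path $rtpKey -Name DisableRealtimeMonitoring -ErrorAction SilentlyContinue).DisableRealtimeMonitoring
if ($rtpPolicy -eq 1) {
    $findings += "DisableRealtimeMonitoring policy is set to 1 under $rtpKey"
}
$pref = Get-MpPreference -ErrorAction SilentlyContinue
if ($pref -and $pref.DisableRealtimeMonitoring) {
    $findings += "Real-time monitoring is disabled in the live Defender preferences"
}

# 4. Windows Security services (assumed names: Security Center and the Windows
#    Security Service). A Disabled start type silences the security notifications.
foreach ($name in 'wscsvc', 'SecurityHealthService') {
    $s = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $s) {
        $findings += "$name service is missing"
    } elseif ($s.StartType -eq 'Disabled') {
        $findings += "$name service start type is Disabled"
    }
}

# 5. Tamper Protection: on builds that support it, Get-MpComputerStatus exposes
#    IsTamperProtected. When it is on, the changes checked above are blocked.
$status = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($status -and $status.PSObject.Properties['IsTamperProtected'] -and -not $status.IsTamperProtected) {
    $findings += "Tamper Protection is OFF; enable it under Windows Security > Virus & threat protection settings"
}

if ($findings.Count -eq 0) {
    Write-Output "No Defender tampering indicators found."
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    exit 1
}
```

The script exits non-zero when anything is found, so it can be scheduled or run from an endpoint-management tool and alert on the result. It only reads state; remediation (re-registering the service, clearing the policy values) is deliberately left to the operator, because on a host where these indicators appear the rest of the TrickBot payload is likely present as well.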