Cybersecurity experts reported an increase in TrueBot activity in May 2023. According to VMware’s Fae Carlisle, “TrueBot is a downloader trojan botnet that uses command and control servers to collect data on compromised systems and uses that compromised system as a launching point for additional attacks.”
Active since at least 2017, TrueBot is associated with a gang called Silence, which is thought to have connections to the infamous Russian cybercriminal organisation known as Evil Corp. The attack chain described by VMware begins with a drive-by download of an executable named “update.exe” from Google Chrome, indicating that users may be tricked into downloading the malware under the guise of a software update.