{"id":47850,"date":"2016-03-04T14:42:17","date_gmt":"2016-03-04T22:42:17","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=47850"},"modified":"2025-06-06T02:15:17","modified_gmt":"2025-06-06T09:15:17","slug":"trillium-toolkit-leads-widespread-malware","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/trillium-toolkit-leads-widespread-malware\/","title":{"rendered":"Trillium Toolkit Leads to Widespread Malware"},"content":{"rendered":"

Any aspiring cybercriminal can buy\u00a0one of many malicious toolkits to craft a downloader and distribute malware.\u00a0After a time these downloaders are\u00a0leaked to forums and other download sites and become available to the masses. This is often when we see a spike in their use.<\/p>\n

The toolkit Trillium Security MultiSploit Tool v3 was cracked last week and uploaded onto several malicious forums.<\/p>\n

\"tril_010316_001\"<\/p>\n

Trillium was created by a coder using the same name. The program contains a EULA that mentions it should not be used maliciously, but we are well aware that these types of kits are used for\u00a0generating malware.<\/p>\n

\"tril_010316_002\"<\/p>\n

In order to use the builder, the user\u00a0needs to acknowledge the EULA by\u00a0clicking on a button. So we guess everyone who is using it is violating the policy.<\/p>\n

Whenever you use the tool to create an exploit or a downloader you are reminded yet again not to use it maliciously.<\/p>\n

.\"tril_010316_003\"<\/p>\n

Version 1 of this this tool appeared for sale at the end of last year for US$300 on a popular hacking forum. Since then, it has been updated to Version 3.<\/p>\n

\"tril_010316_004\"<\/p>\n

This toolkit allows the user to create several types of downloaders. It breaks them down into three\u00a0options:<\/p>\n