Over the past few months, the cybersecurity industry’s most notorious tool, TrickBot, has also become its most potent enemy. Despite takedown attempts by Microsoft and the US Cyber Command, the tool has been developed even further, with its operators implementing a new technique that reaches beyond the operating system and into the firmware. TrickBot can check victim computers for vulnerabilities that would allow attackers easy access into the network. The tool can also determine whether the hackers are able to plant a backdoor in the device’s firmware interface, allowing them to evade most antivirus detection, software updates, and other preventative measures.
The new technique is being referred to as TrickBoot, and it makes the hacker group behind the tool one of a handful to have experimented with malware targeting the Unified Extensible Firmware Interface (UEFI). Vitali Kremez, CEO of cybersecurity research organization AdvIntel, states that the possibilities for this new development are endless. The operators could partner with North Korean hackers as they have done in the past, penetrate victim firmware, and perform system takeover on high-profile targets.
Read More: The Internet’s Most Notorious Botnet Has an Alarming New Trick