Linux users, beware: TrickBot malware is no longer Windows-exclusive

Tech Radar – by Anthony Spadafora

The creators of TrickBot have once again updated their malware with new functionality, and it can now target Linux devices through its new DNS command-and-control tool, Anchor_DNS.

While TrickBot originally started out as a banking trojan, the malware has evolved to perform other malicious behaviors including spreading laterally through a network, stealing saved credentials in browsers, stealing cookies, checking a device’s screen resolution and now infecting Linux as well as Windows devices.

TrickBot is also malware-as-a-service and cybercriminals rent access to it in order to infiltrate networks and steal valuable data. Once this is done, they then use it to deploy ransomware such as Ryuk and Conti in order to encrypt devices on the network as the final stage of their attack.

At the end of last year, SentinelOne and NTT reported that a new TrickBot framework called Anchor uses DNS to communicate with its C&C servers. Anchor_DNS is used to launch attacks against high-value and high-impact targets that possess valuable financial information. The TrickBot Anchor can also be used as a backdoor in APT-like campaigns which target both point-of-sale and financial systems.
