The creators of TrickBot have once again updated their malware with new functionality: it can now target Linux devices through its new DNS command-and-control tool, Anchor_DNS.
While TrickBot originally started out as a banking trojan, the malware has evolved to perform other malicious behaviors including spreading laterally through a network, stealing saved credentials in browsers, stealing cookies, checking a device’s screen resolution and now infecting Linux as well as Windows devices.
TrickBot is also malware-as-a-service and cybercriminals rent access to it in order to infiltrate networks and steal valuable data. Once this is done, they then use it to deploy ransomware such as Ryuk and Conti in order to encrypt devices on the network as the final stage of their attack.
At the end of last year, SentinelOne and NTT reported that a new TrickBot framework called Anchor uses DNS to communicate with its C&C servers. Anchor_DNS is used to launch attacks against high-value and high-impact targets that possess valuable financial information. The TrickBot Anchor can also be used as a backdoor in APT-like campaigns that target both point-of-sale and financial systems.