Linux users, beware: TrickBot malware is no longer Windows-exclusive

The creators of the TrickBot have once again updated their malware with new functionality and now it can target Linux devices through its ...

The creators of the TrickBot have once again updated their malware with new functionality and now it can target Linux devices through its new DNS command and control tool Anchor_DNS.

While TrickBot originally started out as a banking trojan, the malware has evolved to perform other malicious behaviors including spreading laterally through a network, stealing saved credentials in browsers, stealing cookies, checking a device's screen resolution and now infecting Linux as well as Windows devices.

TrickBot is also malware-as-a-service and cybercriminals rent access to it in order to infiltrate networks and steal valuable data. Once this is done, they then use it to deploy ransomware such as Ryuk and Conti in order to encrypt devices on the network as the final stage of their attack.

At the end of last year, SentinelOne and NTT reported that a new TrickBot framework called anchor uses DNS to communicate with its C&C servers. Anchor_DNS is used to launch attacks against high-value and high-impact targets that posses valuable financial information. The TrickBot Anchor can also be used as a backdoor in APT-like campaigns which target both point-of-sale and financial systems.

Anchor_DNS

Up until now, Anchor has been a Windows malware but Stage 2 Security researcher Waylon Grange discovered a new sample which shows that Anchor_DNS has been ported to a new Linux backdoor version called 'Anchor_Linux'.

In addition to acting as a backdoor that can be used to drop and run malware on Linux devices, the malware also contains and embedded Windows TrickBot executable that can be used to infect Windows machines on the same network.

Once copied to a Windows device, Anchor_Linux then configures itself as a Windows service. After configuration, the malware is tarted on the Windows host and it connects back to an attacker's C&C server where it receives commands to execute.

The fact that TrickBot has been ported to Linux is especially worrying since many IoT devices including routers, VPN devices and NAS devices run on Linux. Concerned Linux users can find out if they have been infected by looking for a log file at /tmp/anchor.log on their systems. If this file is found, users should perform a complete audit of their systems to search for the Anchor_Linux malware.

Via BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/3hV6rRd
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,183,Video,5,XIAOMI,13,YouTube - 9to5Google,182,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Linux users, beware: TrickBot malware is no longer Windows-exclusive
Linux users, beware: TrickBot malware is no longer Windows-exclusive
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2020/08/linux-users-beware-trickbot-malware-is.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2020/08/linux-users-beware-trickbot-malware-is.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy