Trickbot’s Anchor Framework Malware Comes to Linux

A new sample of Trickbot’s Anchor Framework targeting Linux, aptly named “Anchor_Linux,” was discovered by Stage 2 Security researcher Waylon Grange and reported by Bleeping Computer. Trickbot’s Anchor Framework is typically deployed on high-value, high-impact targets with valuable financial information. The new Linux variant serves as an initial foothold in server environments and can be used to spread laterally to Windows machines in a Linux or UNIX environment.

Analyst Notes

As this Linux variant will typically be deployed to systems after an initial phishing email, Binary Defense recommends using caution when opening any files from unknown sources such as email. Additionally, Anchor_Linux saves a log to /tmp/anchor.log; users can check for this file to identify whether they are infected.
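
One way to run the /tmp/anchor.log check across a live host and any mounted disk images or container root filesystems. This is an added example, not code from Binary Defense or the original report; the function names and the idea of passing alternate filesystem roots are assumptions made for illustration.

```shell
#!/bin/sh
# Triage check for the Anchor_Linux log artifact named above.
# The only indicator used is the path given on this page: /tmp/anchor.log
ANCHOR_LOG_REL="tmp/anchor.log"   # path relative to a filesystem root

# check_anchor_log ROOT
# ROOT is "/" for the live host, or the mount point of a disk image or
# container root filesystem (assumption: the caller has read access).
# Prints one line describing the result; returns 0 if present, 1 if absent.
check_anchor_log() {
    root="${1:-/}"
    path="${root%/}/${ANCHOR_LOG_REL}"
    # -e is false for a dangling symlink, so test -L as well.
    if [ -e "$path" ] || [ -L "$path" ]; then
        # ls -ldn shows numeric owner, size and mtime of the entry itself,
        # which helps place the file on an incident timeline.
        printf 'FOUND  %s\n' "$(ls -ldn "$path")"
        return 0
    fi
    printf 'absent %s\n' "$path"
    return 1
}

# scan_roots ROOT...
# Checks every root, stores the number of hits in ANCHOR_HITS,
# and returns 0 if at least one root contains the artifact.
scan_roots() {
    ANCHOR_HITS=0
    for r in "$@"; do
        if check_anchor_log "$r"; then
            ANCHOR_HITS=$((ANCHOR_HITS + 1))
        fi
    done
    [ "$ANCHOR_HITS" -gt 0 ]
}
```

Call it as scan_roots / for the running system, adding mount points as extra arguments. Many systems clear /tmp on reboot, so a missing file does not by itself rule out an earlier infection.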