Targeting financial, manufacturing, and retail, Trickbot has begun deploying new tools and modules to steal data from their victims. Included in these new tools is the newly discovered Anchor malware: a stealthy backdoor that Trickbot downloads after infecting a victim’s computer. While Anchor is a completely different malware than Trickbot, it appears to be related to Trickbot through the use of shared server infrastructure. Additionally, Anchor identifies infected computers with a GUID that is almost identical to Trickbot’s GUID.
Note: this post was originally shared on https://squiblydoo.blog/ by a member of the Binary Defense Team. In