Threat Watch

Trickbot’s Anchor Framework Malware Comes to Linux

Originally discovered by Stage 2 Security researcher Waylon Grange and reported by Bleeping Computer, a new sample of Trickbot’s Anchor Framework has been discovered for Linux, aptly named “Anchor_Linux.” Trickbot’s Anchor Framework is typically deployed on high-value, high-impact targets with valuable financial information. The new Linux variant serves as an initial foothold for server environments and can be used to spread laterally to Windows machines in a Linux or UNIX environment.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

As this Linux variant will typically be deployed to systems after an initial phishing email, Binary Defense recommends using caution when opening any files from unknown sources such as email. Additionally, Anchor_Linux saves a log to /tmp/anchor.log, which users can use to identify if they are infected.
https://www.bleepingcomputer.com/news/security/linux-warning-trickbot-malware-is-now-infecting-your-systems/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support