Threat Watch


Trickbot’s Anchor Framework Malware Comes to Linux

A new Linux sample of Trickbot’s Anchor Framework, aptly named “Anchor_Linux,” was discovered by Stage 2 Security researcher Waylon Grange and reported by Bleeping Computer. Trickbot’s Anchor Framework is typically deployed on high-value, high-impact targets with valuable financial information. The new Linux variant serves as an initial foothold for server environments and can be used to spread laterally to Windows machines in a Linux or UNIX environment.

ANALYST NOTES

Because this Linux variant will typically be deployed to systems after an initial phishing email, Binary Defense recommends using caution when opening any files from unknown sources such as email. Additionally, Anchor_Linux saves a log to /tmp/anchor.log, and users can check for that file to identify whether they are infected.

Source: https://www.bleepingcomputer.com/news/security/linux-warning-trickbot-malware-is-now-infecting-your-systems/
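One way to run the /tmp/anchor.log check described above across a live host and any mounted disk images or container filesystems. This is an added example, not Binary Defense's own tooling; the function names and the idea of passing alternate root directories are assumptions of the example.

```shell
#!/bin/sh
# Added example: look for the Anchor_Linux log file named in the analyst note.
# Usage (after sourcing this file): scan_roots / /mnt/image1 /mnt/image2
# Alternate roots are an assumption of this example, for mounted images.

ANCHOR_LOG_REL="tmp/anchor.log"   # indicator path from the note, relative to a root

# check_anchor_log ROOT
# Prints one FOUND line with file metadata and returns 0 if the indicator
# exists under ROOT; returns 1 if it does not.
check_anchor_log() {
    root="${1:-/}"
    path="${root%/}/$ANCHOR_LOG_REL"
    # -e follows symlinks, so also test -L to catch a dangling symlink.
    if [ -e "$path" ] || [ -L "$path" ]; then
        # GNU stat; owner and timestamps help place the file on a timeline.
        meta=$(stat -c 'owner=%U size=%s modified=%y' "$path" 2>/dev/null) \
            || meta="metadata-unavailable"
        printf 'FOUND %s %s\n' "$path" "$meta"
        return 0
    fi
    return 1
}

# scan_roots ROOT...
# Checks every root (default: /), prints a summary line, and returns 0 only
# when no root contains the indicator, so it can gate a fleet health check.
scan_roots() {
    if [ "$#" -eq 0 ]; then
        set -- /
    fi
    hits=0
    for r in "$@"; do
        if check_anchor_log "$r"; then
            hits=$((hits + 1))
        fi
    done
    printf 'roots_checked=%d roots_with_indicator=%d\n' "$#" "$hits"
    [ "$hits" -eq 0 ]
}
```

The non-zero exit status from `scan_roots` on a hit lets a cron job or configuration-management run flag the host for triage.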
