Trick Bot is a banking trojan that steals users' sensitive information. Recently, one of Trick Bot's modules, dubbed Anchor_DNS, has been found infecting Linux devices.
In recent years, Trick Bot has been upgraded to carry out a range of illegal activities, such as stealing personal information and sensitive credentials, domain infiltration, and acting as a malware dropper.
Over the past few years, there has been an increase in Linux malware that can also target IoT devices, routers, VPN devices and other devices running Linux.
Anchor_Linux TrickBot Malware
Research has found that the Trick Bot malware can act as a backdoor to infect Linux devices and also carries an embedded Windows executable.
To infect Windows devices, Anchor_Linux copies the embedded executable to Windows devices on the same network using SMB and the IPC$ share.
Intezer found a sample of Anchor_Linux and describes it as a “Lightweight backdoor with the ability to spread to neighbouring Windows boxes using svcctl via SMB.”
When installed, Anchor_Linux configures itself to run every minute using the following crontab entry, Kremez told BleepingComputer:
*/1 * * * * root [filename]
“The malware acts as a covert backdoor persistence tool in UNIX environment used as a pivot for Windows exploitation as well as used as an unorthodox initial attack vector outside of email phishing. It allows the group to target and infect servers in UNIX environment (such as routers) and use it to pivot to corporate networks,” Kremez told BleepingComputer.
How to check whether your system is infected by Anchor_Linux
According to the security researchers, Anchor_Linux leaves a log file at /tmp/anchor.log, so check whether that file exists. If it does, run a security audit of the system for Anchor_Linux.
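The log-file check above, combined with the crontab entry quoted earlier, as a shell function. This is an added example, not code from the researchers or the original article. It assumes the entry sits in a system crontab (/etc/crontab or /etc/cron.d), which the article does not state; the function name and its optional root argument are this example's own.

```sh
#!/bin/sh
# Added example: host check for the two Anchor_Linux artifacts named in the article.
# Assumption: the cron entry sits in a system crontab (/etc/crontab or
# /etc/cron.d/*), the crontab format that carries a user field such as "root".

# scan_anchor_linux [ROOT]
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
# ROOT defaults to / and can point at a mounted disk image or a test tree.
scan_anchor_linux() {
    root="${1:-/}"
    root="${root%/}"    # "/" becomes "", "/mnt/img/" becomes "/mnt/img"
    found=0
    sp='[[:space:]]+'

    # Indicator 1: the log file the article says the malware leaves behind.
    if [ -e "$root/tmp/anchor.log" ]; then
        echo "FOUND log file: $root/tmp/anchor.log"
        found=1
    fi

    # Indicator 2: a root job scheduled as "*/1 * * * *" (every minute).
    # Legitimate jobs can match too, so each hit is a lead to review.
    pattern="^[[:space:]]*\*/1${sp}\*${sp}\*${sp}\*${sp}\*${sp}root${sp}[^[:space:]]"
    for f in "$root/etc/crontab" "$root"/etc/cron.d/*; do
        [ -f "$f" ] || continue
        hits=$(grep -nE "$pattern" "$f") || continue
        found=1
        echo "$hits" | while IFS= read -r line; do
            echo "REVIEW cron entry: $f:$line"
        done
    done

    return "$found"
}
```

Source the file and call `scan_anchor_linux` with no argument to check the running system, or pass the mount point of a disk image to check it offline.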
Researchers also believe that Trick Bot's Anchor_Linux is still under development and that future, upgraded versions will be more dangerous.