(800) 664-1229 ds@bluediamondwebs.com
Select Page

The notorious TrickBot malware made a name for itself in 2019 when it started carrying out illegal activities including, credential theft, stealing personal information, Windows domain infiltration, and also acted as a malware dropper.

Up until now, TrickBot was known as a multi-purpose Windows malware with several modules affecting the operating system, but now one of the modules of the TrickBot framework dubbed “Anchor_DNS” has been ported to infect Linux devices. Anchor_DNS usually targets high-value systems to steal valuable financial information.

A security researcher named Waylon Grange, from Stage 2 Security, discovered that Anchor_DNS is ported to a Linux version called ‘Anchor_Linux.’ With evolution, the Linux version of the malware can target several IoT devices, including routers, VPN devices, and NAS devices running on Linux.

As analyzed by Advanced Intel’s Vitali Kremez, Anchor_Linux uses the following crontab entry to run every minute once installed:

*/1 * * * * root [filename]