TrickBot Linux Variants Active in the Wild Despite Recent Takedown
2020-10-28 22:07

Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware aren't sitting idle.

According to new findings shared by cybersecurity firm Netscout, TrickBot's authors have moved portions of their code to Linux in an attempt to widen the scope of victims that could be targeted.

Over the past few weeks, twin efforts led by the US Cyber Command and Microsoft have helped to eliminate 94% of TrickBot's command-and-control servers, counting both the servers that were in use and the new infrastructure that the criminals operating TrickBot attempted to bring online to replace the previously disabled servers.

Despite the steps taken to impede TrickBot, Microsoft cautioned that the threat actors behind the botnet would likely make efforts to revive their operations.

At the end of 2019, a new TrickBot backdoor framework called Anchor was discovered using the DNS protocol to communicate with C2 servers stealthily.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Mm4c07YORwA/trickbot-linux-variants-active-in-wild.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2312 1489 67 3932