TrickBot’s authors have moved portions of their code to Linux, according to new research. The criminals operating the financial Trojan first detected in 2016. Microsoft, US Cyber Command and Microsoft have helped to shut down 94% of TrickBot’s C2 servers. Microsoft cautioned that the threat actors behind the botnet would likely make efforts to revive their operations. A new TrickBot backdoor framework called Anchor was discovered using the DNS protocol to communicate with the C2 server. The module “allows the actors to leverage this framework against higher-profile victims,” said SentinelOne.
Source: https://thehackernews.com/2020/10/trickbot-linux-variants-active-in-wild.html