Skip to main content

Trickbot Adds New Trick Linux Malware

By August 17, 2020May 5th, 2022Cybersecurity

Trickbot is about as bad as they come in the world of malware. Originally a malware strain from the Windows ecosystem, security professionals have recently found samples of the code in the wild that prove that Trickbot has made the jump to the Linux world as well.

One of the things that makes this such a nasty little threat is the fact that it’s best viewed as a muti-function toolkit.

It isn’t just simple malware, which often has a limited bag of tricks and a very specific function. This is essentially the Swiss Army Knife of malware.

Another is the fact that just about any would-be hacker can get his or her hands on the code. Trickbot is often rented by hackers around the world who use it as a service to infiltrate whatever network they set their sights on and harvest whatever sort of data they’re after.

Finally though, there’s the fact that a Trickbot attack isn’t ‘just’ a Trickbot attack. Once that malware strain has stolen whatever data the user wanted, it will often then be used to deploy a ransomware strain like Conti or Ryuk. It hits the target system with a devastating one-two punch, stealing yet more data and then encrypting files and locking down broad swaths of the victim’s network.

One of the researchers who made the discovery had this to say about the new Linux threat:

The malware acts as a covert backdoor persistence tool in UNIX environment used as a pivot for Windows exploitation as well as used as an unorthodox initial attack vector outside of email phishing. It allows the group to target and infect servers in UNIX environment (such as routers) and use it to pivot to corporate networks.”

This is bad news indeed, especially given that many of the devices that make up the burgeoning Internet of Things run on a Linux operating system. Therefore, most don’t have even rudimentary protection against hackers. Beware of this one. It is dangerous indeed.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.