Trickbot is about as bad as they come in the world of malware. Originally a malware strain from the Windows ecosystem, security professionals have recently found samples of the code in the wild that prove that Trickbot has made the jump to the Linux world as well.
One of the things that makes this such a nasty little threat is the fact that it’s best viewed as a multi-function toolkit.
It isn’t just simple malware, which often has a limited bag of tricks and a very specific function. This is essentially the Swiss Army Knife of malware.
Another is the fact that just about any would-be hacker can get his or her hands on the code. Trickbot is often rented by hackers around the world who use it as a service to infiltrate whatever network they set their sights on and harvest whatever sort of data they’re after.
Finally, though, there’s the fact that a Trickbot attack isn’t ‘just’ a Trickbot attack. Once that malware strain has stolen whatever data the user wanted, it will often then be used to deploy a ransomware strain like Conti or Ryuk. It hits the target system with a devastating one-two punch, stealing yet more data and then encrypting files and locking down broad swaths of the victim’s network.
One of the researchers who made the discovery had this to say about the new Linux threat:
“The malware acts as a covert backdoor persistence tool in UNIX environment used as a pivot for Windows exploitation as well as used as an unorthodox initial attack vector outside of email phishing. It allows the group to target and infect servers in a UNIX environment (such as routers) and use it to pivot to corporate networks.”
This is bad news indeed, especially given that many of the devices that make up the burgeoning Internet of Things run on a Linux operating system. Therefore, most don’t have even rudimentary protection against hackers. Beware of this one. It is dangerous indeed.