Cybersecurity experts think that Anchor is a malicious application created by hackers who are interested in financial gain. That is because the malware has been seen in attacks on Point of Sale (PoS) systems. It is also believed that hackers are still updating the threat, which means there could be many versions of it. Further in this article, we explain how such malicious applications might work, how they could enter a system, and other essential details. If you want to know how you could delete Anchor manually, have a look at the instructions located at the end of this article once you have read it. However, we should stress that they may not work and that if you want to be sure that the malware gets eliminated, you should use a legitimate antimalware tool.
FIN6 is a cybercrime group that focuses on hacking retailers and stealing payment information from Point of Sale systems, which is why specialists believe it might be behind Anchor. The connection is even more likely considering that the malicious application in question might be spread with a newer version of TrickBot, which has been associated with FIN6 in the past. This also means that if you find Anchor on your system, it is likely that you have TrickBot as well.
Our researchers say that such threats can be distributed through spam emails, malicious notifications, and so on. Researchers who investigated a few TrickBot attacks discovered that its victims received emails with links leading to files that appeared to be text documents hosted on Google Docs. For example, such files could be called Annual Bonus Report.doc. If opened, the malicious files should show a fake notification asking to update Microsoft Word and secretly drop the TrickBot downloader. It appears that after TrickBot is downloaded, it might drop Anchor.
To avoid such threats, we recommend being cautious with all files that come unexpectedly and from unknown sources. Instead of rushing to open such data, you should scan it with a reliable antimalware tool first. A scan may allow you to learn if a file has any malicious components. If it does, your chosen antimalware tool should warn you about it and help you get rid of the scanned data. Always remember that malicious files might look harmless, so you should never lower your guard, even with text files or other documents, pictures, and so on.
There are a few known types of Anchor threats: Anchor, Old Anchor_DNS, and New Anchor_DNS. The first one was used in attacks that occurred in 2018, while the DNS versions were discovered in 2019. It is said that they are still being updated and that more versions of them might show up. For example, the latest variant (New Anchor_DNS) does not have the self-deletion feature that both of the previous versions had. Nonetheless, unlike Anchor and Old Anchor_DNS, the new variant has obfuscated code. Also, researchers say that it can connect to its creator’s server to transfer data that it might obtain while staying on an infected device, as well as download additional payloads and receive commands.
Reports also say that Anchor might be able to avoid detection, which means noticing it on a system could be an impossible task. If you do find it on your device, you could try to remove it manually by following the instructions located below, but we cannot promise that completing them will erase the malware. Thus, it would be safer to delete Anchor with a reliable antimalware tool.
Windows 8 and Windows 10
Windows XP/Windows Vista/Windows 7