FASTCash for Linux

2024-10-13 Doubleagent

https://doubleagent.net/fastcash-for-linux/

DoubleAgent analyzes a newly identified Linux variant of DPRK-attributed FASTCash malware built for payment-switch environments that process card transactions. The Ubuntu 20.04 sample adds to earlier AIX and Windows FASTCash variants and appears related to Windows samples through shared fraudulent transaction-response properties. Its core function is to intercept declined magnetic-stripe transaction messages for predefined cardholder account numbers and authorize withdrawals with random Turkish-lira amounts. The report places the malware on compromised bank or interbank switch infrastructure, where weak or missing message-integrity checks can allow transaction tampering that enables ATM cash-out activity.

Indicators of Compromise

