Ezuri Memory Loader Abused in Linux Attacks
2021-01-07 19:01

Security researchers at AT&T's Alien Labs have identified multiple malware attacks leveraging the Ezuri memory loader to execute payloads without writing them to disk.

Executed directly in memory, without leaving traces on disk, fileless malware is commonly used in attacks targeting Windows systems, but isn't often seen in malware attacks targeting Linux.

Written in Go, the loader is based on the "Ezuri" code published on GitHub by a user going by the handle guitmz.

Over the past few months, several malware authors have used the Ezuri loader, including TeamTNT, a cybercrime group focused on planting distributed denial-of-service malware and crypto-miners on victim machines.

One of the samples used by the group is actually an Ezuri loader, based on code similarities with the original tool, AT&T's researchers say.

Several samples of Gafgyt, a DDoS-capable Internet of Things bot, were also observed using Ezuri as a loader and packer.

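A check a defender can run for the behaviour described above, executables that exist only in memory: this is an added example, not code from the article or from the Ezuri project, and it assumes the in-memory payload shows up in /proc/<pid>/exe as a memfd-backed or unlinked target, which the article does not state about Ezuri specifically.

```python
"""Flag Linux processes whose executable has no backing file on disk."""
import os
from typing import Dict, Optional

# Link targets of /proc/<pid>/exe that indicate a fileless executable.
# Assumption: an anonymous memfd shows as "/memfd:<name> (deleted)" and an
# unlinked binary as "<path> (deleted)", as readlink() reports them.
MEMFD_PREFIX = "/memfd:"
DELETED_SUFFIX = " (deleted)"


def classify_exe(link_target: str) -> Optional[str]:
    """Return why the exe link looks fileless, or None if it looks normal."""
    if link_target.startswith(MEMFD_PREFIX):
        return "memfd-backed executable"
    if link_target.endswith(DELETED_SUFFIX):
        return "executable unlinked after exec"
    return None


def find_fileless(exe_links: Dict[int, str]) -> Dict[int, str]:
    """Map pid -> reason for every entry whose exe link looks fileless."""
    hits = {}
    for pid, target in exe_links.items():
        reason = classify_exe(target)
        if reason:
            hits[pid] = reason
    return hits


def read_exe_links(proc: str = "/proc") -> Dict[int, str]:
    """Collect readable /proc/<pid>/exe link targets on a live Linux host."""
    links = {}
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        try:
            links[int(name)] = os.readlink(os.path.join(proc, name, "exe"))
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue  # process exited or belongs to another user
    return links


# Constructed sample: three link targets as readlink() would return them.
SAMPLE_LINKS = {
    1: "/usr/lib/systemd/systemd",
    4242: "/memfd:x (deleted)",
    4243: "/tmp/.x/payload (deleted)",
}

if __name__ == "__main__":
    for pid, why in find_fileless(read_exe_links()).items():
        print(pid, why)
```

Run as root to see every process; unprivileged runs silently skip processes owned by other users, so a clean result is only meaningful for the processes the scan could read.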
News URL

http://feedproxy.google.com/~r/Securityweek/~3/S-JKW4Hcuq0/ezuri-memory-loader-abused-linux-attacks

Related vendor

| Vendor | Products (last 12 months) | Low | Medium | High | Critical | Total vulns |
|--------|---------------------------|-----|--------|------|----------|-------------|
| Linux  | 17                        | 395 | 2079   | 1387 | 667      | 4528        |