Linux malware authors use Ezuri Golang crypter for zero detection (Security News, January 2021)
Multiple malware authors are using the "Ezuri" crypter and memory loader to make their code undetectable to antivirus products.
According to a report released by AT&T Alien Labs, multiple threat actors are using the Ezuri crypter to pack their malware and evade antivirus detection.
Although Windows malware has long been known to use similar tactics, threat actors are now using Ezuri to infiltrate Linux environments as well.
Researchers Ofer Caspi and Fernando Martinez of AT&T Alien Labs noted that, after decrypting the AES-encrypted payload, Ezuri immediately passes the resulting code to the runFromMemory function as an argument, so the malware is never written to disk on the infected system.
During the last few months, Caspi and Martinez identified several malware authors who pack their samples with Ezuri.
Update 7-Jan-2020: Added statement from malware researcher and Ezuri creator, Bonicontro/TMZ.