Security News > 2021 > January > Linux malware uses open-source tool to evade detection
TeamTNT now further upgraded their malware to evade detection after infecting and deploying malicious coinminer payloads on Linux devices.
"The group is using a new detection evasion tool, copied from open source repositories," AT&T Alien Labs security researcher Ofer Caspi says in a report published today.
This tool is known as libprocesshider and is an open-source tool available on Github that can be used to hide any Linux process with the help of the ld preloader.
The detection evasion tool is deployed on infected systems as a base64 encoded bash script embedded within the TeamTNT ircbot or cryptominer binary.
"Through the use of libprocesshider, TeamTNT once again expands their capabilities based on the available open source tools," Caspi concluded.
One month later, the malware was observed by Intezer while deploying the legitimate Weave Scope open-source tool to take control of victims' Docker, Kubernetes, Distributed Cloud Operating System, or AWS Elastic Compute Cloud cloud infrastructure.
News URL
Related news
- Stealthy 'sedexp' Linux malware evaded detection for two years (source)
- New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules (source)
- 'Hadooken' Linux malware targets Oracle WebLogic servers (source)
- New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (source)
- New Linux malware Hadooken targets Oracle WebLogic servers (source)