
Linux malware uses open-source tool to evade detection
2021-01-27 15:16

TeamTNT has further upgraded its malware to evade detection after infecting Linux devices and deploying malicious coinminer payloads on them.

"The group is using a new detection evasion tool, copied from open source repositories," AT&T Alien Labs security researcher Ofer Caspi says in a report published today.

The tool, libprocesshider, is open source and available on GitHub; it hides any chosen Linux process by abusing the dynamic linker's preload mechanism (LD_PRELOAD / ld.so.preload) to hook the library calls that enumerate processes.

The detection evasion tool is deployed on infected systems as a base64-encoded bash script embedded within the TeamTNT IRC bot or cryptominer binary.
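A preloaded library can only interpose on library calls such as readdir(), so a process it hides from directory listings of /proc is still reachable by a direct path lookup. The following defender-side check, added here as an example and not code from the article or from the libprocesshider project, reports the entries in /etc/ld.so.preload and flags PIDs that a direct probe of /proc/<pid> finds but the /proc listing omits. The sample preload contents and the library path in it are constructed placeholders; the re-check after the probe reduces false positives from processes that start or exit mid-scan.

```python
"""
Defender-side check for LD_PRELOAD-based process hiding.

A library loaded through /etc/ld.so.preload (or LD_PRELOAD) can wrap libc's
readdir() so that /proc/<pid> entries for chosen processes never appear in
directory listings. It cannot stop a direct path lookup, so a PID that is
present under /proc but missing from the /proc listing is suspect.
"""
import os
from typing import Iterable, List, Set

# Constructed sample of ld.so.preload contents (placeholder path, not an
# indicator from the article): one comment line and one library entry.
SAMPLE_PRELOAD = "# comment line\n/usr/local/lib/example-hider.so\n"


def parse_ld_preload(text: str) -> List[str]:
    """Return the shared objects named in ld.so.preload-style text.

    Entries are whitespace separated; anything after '#' on a line is
    treated as a comment (assumption: mirrors glibc's handling of the file).
    """
    libs: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        libs.extend(line.split())
    return libs


def read_ld_preload(path: str = "/etc/ld.so.preload") -> List[str]:
    """Read the system preload file; an absent file means nothing is preloaded."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return parse_ld_preload(fh.read())
    except FileNotFoundError:
        return []


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """PIDs that a direct probe found but the directory listing omitted."""
    return set(probed) - set(listed)


def list_proc_pids() -> Set[int]:
    """PIDs as reported by readdir() on /proc, the call a hider typically hooks."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probe_proc_pids(max_pid: int) -> Set[int]:
    """PIDs found by direct lookup of /proc/<pid>/status, which bypasses readdir()."""
    return {pid for pid in range(1, max_pid + 1)
            if os.path.exists(f"/proc/{pid}/status")}


def read_max_pid(path: str = "/proc/sys/kernel/pid_max") -> int:
    """Highest PID the kernel will hand out; fall back to PID_MAX_LIMIT (2^22)."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 4194304


def scan_for_hidden_processes() -> Set[int]:
    """Flag PIDs present under /proc but absent from listings taken around the probe."""
    before = list_proc_pids()
    probed = probe_proc_pids(read_max_pid())
    after = list_proc_pids()
    candidates = hidden_pids(before | after, probed)
    if not candidates:
        return set()
    # Re-check survivors against a fresh listing to drop short-lived processes.
    still_there = {pid for pid in candidates if os.path.exists(f"/proc/{pid}/status")}
    return hidden_pids(list_proc_pids(), still_there)


if __name__ == "__main__":
    print("preloaded libraries:", read_ld_preload() or "none")
    print("PIDs hidden from readdir():", sorted(scan_for_hidden_processes()) or "none")
```

Run it as root on the host being checked; probing the full PID range takes several seconds. A hit should be confirmed by reading /proc/<pid>/cmdline and /proc/<pid>/maps directly, and the scanner itself should be statically linked or run with the preload file neutralised, since a preloaded library also loads into the checker's own process.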

"Through the use of libprocesshider, TeamTNT once again expands their capabilities based on the available open source tools," Caspi concluded.

One month later, Intezer observed the malware deploying the legitimate Weave Scope open-source tool to take control of victims' Docker, Kubernetes, Distributed Cloud Operating System, or AWS Elastic Compute Cloud infrastructure.


News URL

https://www.bleepingcomputer.com/news/security/linux-malware-uses-open-source-tool-to-evade-detection/

Related vendor

Vendor | Last 12M #/products | Low | Medium | High | Critical | Total vulns
Linux  | 11                  | 64  | 2337   | 1502 | 67       | 3970