Linux Systems Under Attack By New RedXOR Malware (Security News, March 2021)
Researchers have discovered a new backdoor targeting Linux systems, which they link back to the Winnti threat group.
The latter fact provides a clue that RedXOR is utilized in targeted attacks against legacy Linux systems, noted researchers.
RedXOR creates a hidden folder inside a home folder, which is then utilized to store files related to the malware.
Researchers said they found "key similarities" between RedXOR and other previously reported malware that is associated with Winnti: the PWNLNX backdoor, the XOR.DDOS botnet and the Groundhog botnet.
Researchers said that 2020 saw a 40-percent increase in new Linux malware families - a new record at 56 malware strains.
"Linux systems are under constant attack given that Linux runs on most of the public cloud workload," said Intezer researchers.
News URL
https://threatpost.com/linux-systems-redxor-malware/164689/