Security News > 2021 > March > Linux Systems Under Attack By New RedXOR Malware
Researchers have discovered a new backdoor targeting Linux systems, which they link back to the Winnti threat group.
The latter fact provides a clue that RedXOR is utilized in targeted attacks against legacy Linux systems, noted researchers.
RedXOR creates a hidden folder inside a home folder, which is then utilized to store files related to the malware.
Researchers said they found "Key similarities" between RedXOR and other previously reported malware that is associated with Winnti: the PWNLNX backdoor, the XOR.DDOS botnet and the Groundhog botnet.
Researchers said that 2020 saw a 40-percent increase in new Linux malware families - a new record at 56 malware strains.
"Linux systems are under constant attack given that Linux runs on most of the public cloud workload," said Intezer researchers.
News URL
https://threatpost.com/linux-systems-redxor-malware/164689/
Related news
- Stealthy 'sedexp' Linux malware evaded detection for two years (source)
- New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack (source)
- 'Hadooken' Linux malware targets Oracle WebLogic servers (source)
- New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (source)
- New Linux malware Hadooken targets Oracle WebLogic servers (source)