Security News > 2021 > March > Linux Systems Under Attack By New RedXOR Malware

Researchers have discovered a new backdoor targeting Linux systems, which they link back to the Winnti threat group.
The latter fact provides a clue that RedXOR is utilized in targeted attacks against legacy Linux systems, noted researchers.
RedXOR creates a hidden folder inside a home folder, which is then utilized to store files related to the malware.
Researchers said they found "Key similarities" between RedXOR and other previously reported malware that is associated with Winnti: the PWNLNX backdoor, the XOR.DDOS botnet and the Groundhog botnet.
Researchers said that 2020 saw a 40-percent increase in new Linux malware families - a new record at 56 malware strains.
"Linux systems are under constant attack given that Linux runs on most of the public cloud workload," said Intezer researchers.
News URL
https://threatpost.com/linux-systems-redxor-malware/164689/
Related news
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)