Tor-Based Linux Botnet Abuses IaC Tools to Spread (Security News, April 2021)
A recently observed malware botnet targeting Linux systems employs several techniques that are becoming common among cybercriminals, such as the use of Tor proxies, legitimate DevOps tools, and the removal of competing malware, according to new research from anti-malware vendor Trend Micro.
The researchers say the malware is capable of downloading all of the files it needs from the Tor anonymity network, including post-infection scripts and legitimate, essential binaries that might be missing from the environment, such as ss, ps, and curl.
The Linux malware can run on a multitude of system architectures, with the initial script designed to perform several checks on the target before downloading additional files and continuing the infection process.
Because of this, Trend Micro believes that the threat actor behind the botnet may be preparing to launch a broader campaign against Linux systems.
The observed malware sample can remove certain cloud-related services and agents and abuse infrastructure-as-code tools such as Ansible, Chef, and SaltStack to spread to other systems.
"This malware sample does not need other software; the Linux operating system is the only requirement for the malware to run and spread. It downloads the essential tools because not every environment targeted for infection has them and it's likely that the user doesn't have the necessary permissions to install them on the system," Trend Micro added.