
Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them
2021-07-29 13:00

Evasive techniques used by attackers date back to the earlier days, when base64 and other common encoding schemes were used.

In this report, we highlight the defense evasion techniques that are common in malicious Linux shell scripts.

The malicious shell script also disables Linux security modules such as SELinux and AppArmor.

AppArmor is a Linux security feature used to lock down applications like Firefox for increased security.

One of the malicious scripts also contained common utilities like wget and curl used under different names.

These utilities are generally used to download files from a remote IP. Attackers use them to download malicious files from the C2. Security solutions whose detection rules monitor the exact names of the utilities might not trigger on the download event if wget or curl is used under a different name.
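One way to close the name-matching gap described above is to identify the utilities by content instead of by filename. The following is an added example, not code from the original report: it hashes trusted copies of wget and curl and flags any file with the same content under another name. The tool list and the default scan directories are assumptions, and a hash match only catches exact copies and symlinks, not rebuilt or modified binaries.

```python
import hashlib
import os
import shutil
import sys
from pathlib import Path

# Assumption: the download utilities to baseline; extend for your environment.
DOWNLOAD_TOOLS = ("wget", "curl")


def sha256_file(path: Path) -> str:
    """Hash file contents in chunks; open() follows symlinks to the real binary."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(tool_paths: dict) -> dict:
    """Map sha256 -> canonical tool name for the trusted copy of each utility."""
    return {sha256_file(Path(p)): name for name, p in tool_paths.items()}


def find_renamed_tools(baseline: dict, search_dirs) -> list:
    """Return sorted (path, canonical_name) pairs for files whose content matches
    a baselined utility but whose basename does not."""
    hits = []
    for root in search_dirs:
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                path = Path(dirpath) / fname
                try:
                    if not path.is_file():  # skips FIFOs, sockets, dangling links
                        continue
                    tool = baseline.get(sha256_file(path))
                except OSError:  # unreadable file: skip it and keep scanning
                    continue
                if tool is not None and fname != tool:
                    hits.append((str(path), tool))
    return sorted(hits)


if __name__ == "__main__":
    # Baseline the copies found on PATH, then scan the given (or assumed) directories.
    found = {t: shutil.which(t) for t in DOWNLOAD_TOOLS if shutil.which(t)}
    dirs = sys.argv[1:] or ["/tmp", "/var/tmp", "/dev/shm"]
    for path, tool in find_renamed_tools(build_baseline(found), dirs):
        print(f"{path}: content matches {tool} under a different name")
```

The same comparison can be applied to process telemetry by hashing the executable path recorded for each exec event instead of matching on the process name.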


News URL

https://threatpost.com/six-malicious-linux-shell-scripts-how-to-stop-them/168127/
