New Symbiote malware infects all running processes on Linux systems
A newly discovered Linux malware known as Symbiote infects all running processes on compromised systems, steals account credentials, and gives its operators backdoor access.
After injecting itself into all running processes, the malware acts as a system-wide parasite, leaving no identifiable signs of infection even during meticulous in-depth inspections.
Symbiote uses the BPF hooking functionality to sniff network data packets and to hide its own communication channels from security tools.
Instead of having the typical form of an executable, Symbiote is a shared object (SO) library that gets loaded into running processes using the LD_PRELOAD directive, which gives it priority over other shared objects.
To hide its malicious network activity on the compromised machine, Symbiote scrubs connection entries it wants to hide, performs packet filtering via BPF, and removes UDP traffic to domain names in its list.
This stealthy new malware is primarily used for automated credential harvesting from hacked Linux devices by hooking the libc "read" function.
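A defender's check for the LD_PRELOAD loading path described above, as an added example that is not from the original article or from the researchers' tooling: it lists every preloaded library named in `etc/ld.so.preload` and in per-process `environ` files under a given root. It assumes the scan runs over a collected copy of `/etc` and `/proc` rather than through the live host's libc, since the article notes the malware hides itself from inspection; `ALLOWED`, `scan`, `build_sample` and all sample paths are hypothetical, constructed values.

```python
import re
import tempfile
from pathlib import Path

ALLOWED = set()  # assumption: site-specific allowlist of legitimate preloads


def split_preload(text, comments=False):
    """Split a preload list on whitespace/colons; optionally drop '#' comments."""
    if comments:
        text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    return [entry for entry in re.split(r"[\s:]+", text) if entry]


def environ_preloads(raw):
    """LD_PRELOAD entries from the NUL-separated bytes of /proc/<pid>/environ."""
    for item in raw.split(b"\0"):
        if item.startswith(b"LD_PRELOAD="):
            return split_preload(item[len(b"LD_PRELOAD="):].decode(errors="replace"))
    return []


def scan(root="/"):
    """Return sorted (source, library) pairs under root that are not in ALLOWED."""
    root, found = Path(root), []
    conf = root / "etc/ld.so.preload"
    if conf.is_file():
        entries = split_preload(conf.read_text(errors="replace"), comments=True)
        found += [("etc/ld.so.preload", e) for e in entries]
    for env in root.glob("proc/[0-9]*/environ"):
        try:
            raw = env.read_bytes()
        except OSError:  # process exited or file not readable
            continue
        found += [(f"pid {env.parent.name}", e) for e in environ_preloads(raw)]
    return sorted(f for f in found if f[1] not in ALLOWED)


def build_sample(root):
    """Constructed sample tree standing in for a collected /etc and /proc."""
    root = Path(root)
    (root / "etc").mkdir(parents=True)
    (root / "etc/ld.so.preload").write_text("# constructed\n/lib/libexample.so\n")
    samples = {"4242": b"PATH=/bin\0LD_PRELOAD=/tmp/hypothetical.so\0", "77": b"HOME=/root\0"}
    for pid, env in samples.items():
        (root / "proc" / pid).mkdir(parents=True)
        (root / "proc" / pid / "environ").write_bytes(env)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for source, library in scan(tmp):
            print(f"{source}: {library}")
```

Any finding that is not on the allowlist deserves review, because legitimate use of preloading on servers is rare.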