Security News > 2022 > June > Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector
Cybersecurity researchers have taken the wraps off what they call a "Nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems.
Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim's resources like a parasite.
The operators behind Symbiote are believed to have commenced development on the malware in November 2021, with the threat actor predominantly using it to target the financial sector in Latin America, including banks like Banco do Brasil and Caixa.
"What makes Symbiote different from other Linux malware is that it infects running processes rather than using a standalone executable file to inflict damage."
Upon hijacking all running processes, Symbiote enables rootkit functionality to further hide evidence of its presence and provides a backdoor for the threat actor to log in to the machine and execute privileged commands.
"Since the malware operates as a user-land level rootkit, detecting an infection may be difficult," the researchers concluded.
News URL
https://thehackernews.com/2022/06/symbiote-stealthy-linux-malware.html
Related news
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT (source)