Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector
Cybersecurity researchers have taken the wraps off what they call a "nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems.
Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim's resources like a parasite.
The operators behind Symbiote are believed to have commenced development on the malware in November 2021, with the threat actor predominantly using it to target the financial sector in Latin America, including banks like Banco do Brasil and Caixa.
"What makes Symbiote different from other Linux malware is that it infects running processes rather than using a standalone executable file to inflict damage."
Upon hijacking all running processes, Symbiote enables rootkit functionality to further hide evidence of its presence and provides a backdoor for the threat actor to log in to the machine and execute privileged commands.
"Since the malware operates as a user-land level rootkit, detecting an infection may be difficult," the researchers concluded.
News URL
https://thehackernews.com/2022/06/symbiote-stealthy-linux-malware.html
Related news
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus
- Chinese hackers target Linux with new WolfsBane malware
- Researchers discover first UEFI bootkit malware for Linux
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems
- New stealthy Pumakit Linux rootkit malware spotted in the wild
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms