Security News > 2022 > June > Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector

Cybersecurity researchers have taken the wraps off what they call a "Nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems.

Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim's resources like a parasite.

The operators behind Symbiote are believed to have commenced development on the malware in November 2021, with the threat actor predominantly using it to target the financial sector in Latin America, including banks like Banco do Brasil and Caixa.

"What makes Symbiote different from other Linux malware is that it infects running processes rather than using a standalone executable file to inflict damage."

Upon hijacking all running processes, Symbiote enables rootkit functionality to further hide evidence of its presence and provides a backdoor for the threat actor to log in to the machine and execute privileged commands.

"Since the malware operates as a user-land level rootkit, detecting an infection may be difficult," the researchers concluded.

News URL

https://thehackernews.com/2022/06/symbiote-stealthy-linux-malware.html