Symbiote Linux malware spotted, and infections are 'very hard to detect'
Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team have analyzed an unusual piece of Linux malware they say is unlike most seen before - it isn't a standalone executable file.
Analysis of the Symbiote malware and its behavior suggests it may have been developed in Brazil.
"Since it is extremely evasive, a Symbiote infection is likely to 'fly under the radar.' In our research, we haven't found enough evidence to determine whether Symbiote is being used in highly targeted or broad attacks," the researchers wrote in their report.
Symbiote's objectives aren't particularly novel - the researchers even point out malware like Ebury, which was similar in purpose and technique.
"As no code is shared between Symbiote and Ebury/Windigo or any other known malware, we can confidently conclude that Symbiote is a new, undiscovered Linux malware," the researchers said.
Second, statically link all AV and EDR software so Symbiote can't render itself invisible to them as well.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/10/symbiote_linux_malware/