Symbiote Linux malware spotted, and infections are 'very hard to detect'
Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team have analyzed an unusual piece of Linux malware they say is unlike most seen before - it isn't a standalone executable file.
Analysis of the Symbiote malware and its behavior suggests it may have been developed in Brazil.
"Since it is extremely evasive, a Symbiote infection is likely to 'fly under the radar.' In our research, we haven't found enough evidence to determine whether Symbiote is being used in highly targeted or broad attacks," the researchers wrote in their report.
Symbiote's objectives aren't particularly novel - the researchers even point to malware such as Ebury, which was similar in purpose and technique.
"As no code is shared between Symbiote and Ebury/Windigo or any other known malware, we can confidently conclude that Symbiote is a new, undiscovered Linux malware," the researchers said.
Second, statically link all AV and EDR software so Symbiote can't render itself invisible to them as well.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/10/symbiote_linux_malware/