Linux Malware Deemed ‘Nearly Impossible’ to Detect (Security News, June 2022)

A new Linux malware that's "nearly impossible to detect" can harvest credentials and give attackers remote access and rootkit functionality by infecting targets in a parasitic way, researchers said.
The name is an homage to how the malware operates, which differs from other Linux malware that researchers have encountered, Kennedy explained.
In addition to the rootkit capability, the malware also provides a backdoor for the threat actor to log in as any user on the machine with a hardcoded password, and to execute commands with the highest privileges, he added.
"Once the malware has infected a machine, it hides itself and any other malware used by the threat actor, making infections very hard to detect," he explained.
Unusual DNS requests may be one way to detect if the malware is present on a system, researchers noted.
To gain remote access to an infected machine, the malware hooks a few Linux Pluggable Authentication Module functions, which lets it authenticate to the machine through any service that uses PAM, including remote services such as Secure Shell, Kennedy said.
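The detection hint above (unusual DNS requests) is easier to act on with a concrete scorer. The following Python script is an added example, not code from the article or from the researchers it quotes: it parses resolver query logs, flags long high-entropy subdomain labels, queries to domains outside a baseline, and clusters of many distinct names under one unknown domain. The log line format, the sample lines, the `KNOWN_DOMAINS` baseline and the thresholds are all constructed assumptions for illustration.

```python
import math
import re
from collections import defaultdict

# Constructed sample of resolver query logs (not from the article):
# "<timestamp> <client-host> <query-type> <query-name>"
SAMPLE_LOG = """\
2022-06-09T10:00:01Z web01 A www.example.com
2022-06-09T10:00:02Z web01 A cdn.example.com
2022-06-09T10:00:03Z web01 AAAA mail.example.com
2022-06-09T10:00:04Z web01 A 7a3f9c1e2b4d.c2.badexample.invalid
2022-06-09T10:00:05Z web01 A 91be04d7ac5f.c2.badexample.invalid
2022-06-09T10:00:06Z web01 A e2d8b1f6073a.c2.badexample.invalid
2022-06-09T10:00:07Z web01 TXT updates.vendor.example.net
this line is malformed and should be skipped
"""

# Assumed baseline of domains this host is expected to resolve.
KNOWN_DOMAINS = {"example.com", "example.net"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<qtype>[A-Z]+)\s+(?P<qname>[A-Za-z0-9.-]+)$"
)


def shannon_entropy(text):
    """Bits per character; a label of 12 distinct characters scores log2(12) ~ 3.58."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Return (records, skipped_line_count); malformed lines are counted, not raised."""
    records, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        rec = m.groupdict()
        rec["qname"] = rec["qname"].rstrip(".").lower()
        records.append(rec)
    return records, skipped


def registered_domain(qname):
    """Crude approximation: the last two labels (no public-suffix list used)."""
    return ".".join(qname.split(".")[-2:])


def query_reasons(qname, known_domains, min_label_len=10, entropy_threshold=3.5):
    """Per-query heuristics: encoded-looking subdomain labels and unknown domains."""
    reasons = []
    labels = qname.split(".")
    dom = registered_domain(qname)
    for label in labels[:-2]:  # only the subdomain part is scored
        if len(label) >= min_label_len and shannon_entropy(label) >= entropy_threshold:
            reasons.append(f"high-entropy label {label!r} (possible encoded data)")
    if dom not in known_domains:
        reasons.append(f"unknown registered domain {dom}")
    return reasons


def detect(log_text, known_domains=KNOWN_DOMAINS, burst_threshold=3):
    """Return {qname: [reasons]} for every query name that deserves a second look."""
    records, _ = parse_log(log_text)
    findings = defaultdict(list)
    names_per_domain = defaultdict(set)
    for rec in records:
        names_per_domain[registered_domain(rec["qname"])].add(rec["qname"])
        for reason in query_reasons(rec["qname"], known_domains):
            if reason not in findings[rec["qname"]]:
                findings[rec["qname"]].append(reason)
    # Many distinct names under one unknown domain is a tunnelling/beaconing pattern.
    for dom, names in names_per_domain.items():
        if len(names) >= burst_threshold and dom not in known_domains:
            for name in names:
                findings[name].append(
                    f"{len(names)} distinct names under {dom} (possible tunnelling or beaconing)"
                )
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in sorted(detect(SAMPLE_LOG).items()):
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Because the article says the malware hides itself on the infected host, run a check like this on logs taken from the resolver or a network tap rather than on the machine under suspicion, where local tooling may itself be hooked. The baseline set and thresholds are the tuning knobs; on real traffic they should come from a period of known-good observation, not from guesses.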
News URL
https://threatpost.com/linux-malware-impossible-detect/179944/
Related news
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT (source)
- Watch out for any Linux malware sneakily evading syscall-watching antivirus (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- Linux wiper malware hidden in malicious Go modules on GitHub (source)