Linux Malware Deemed ‘Nearly Impossible’ to Detect
2022-06-14 10:55

A new Linux malware that is "nearly impossible to detect" can harvest credentials and give attackers remote access and rootkit functionality; it infects targets by attaching itself parasitically to running processes rather than running as a standalone executable, researchers said.

The name is an homage to how the malware operates, which differs from that of other Linux malware researchers have encountered, Kennedy explained.

In addition to the rootkit capability, the malware also provides a backdoor for the threat actor to log in as any user on the machine with a hardcoded password, and to execute commands with the highest privileges, he added.

"Once the malware has infected a machine, it hides itself and any other malware used by the threat actor, making infections very hard to detect," he explained.

Unusual DNS requests may be one way to detect whether the malware is present on a system, researchers noted.

To gain remote access to an infected machine, the malware hooks a few Linux Pluggable Authentication Module (PAM) functions, which allows it to authenticate to the machine through any service that uses PAM, including remote services such as Secure Shell (SSH), Kennedy said.

News URL

https://threatpost.com/linux-malware-impossible-detect/179944/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2337 1502 67 3970