Linux Malware Deemed ‘Nearly Impossible’ to Detect (Security News, June 2022)
A new Linux malware that is "nearly impossible to detect" can harvest credentials and give attackers remote access and rootkit functionality by infecting targets in a parasitic way, researchers said.
The name is an homage to how the malware operates, which differs from other Linux malware that researchers have encountered, Kennedy explained.
In addition to the rootkit capability, the malware also provides a backdoor for the threat actor to log in as any user on the machine with a hardcoded password, and to execute commands with the highest privileges, he added.
"Once the malware has infected a machine, it hides itself and any other malware used by the threat actor, making infections very hard to detect," he explained.
Unusual DNS requests may be one way to detect if the malware is present on a system, researchers noted.
To gain remote access to an infected machine, the malware hooks a few Linux Pluggable Authentication Module (PAM) functions, which allows it to authenticate to the machine through any service that uses PAM, including remote services such as Secure Shell (SSH), Kennedy said.
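The article points to unusual DNS requests as one detection avenue. The following is an added example, not code from the article or the researchers, that runs a simple anomaly check over constructed BIND-style query-log lines: it flags hosts that repeatedly look up high-entropy subdomains or issue TXT queries, then groups the hits per client and registered domain. The log format, the thresholds and the sample lines are all assumptions made for this example.

```python
import math
import re
from collections import defaultdict

# Constructed sample in BIND-style query-log format (not taken from the article).
SAMPLE_LOG = """\
client 10.0.0.5#51234: query: www.example.com IN A
client 10.0.0.5#51235: query: updates.ubuntu.com IN A
client 10.0.0.9#40011: query: a8f3c2e9b1d7.cdn-telemetry.xyz IN TXT
client 10.0.0.9#40012: query: 4e1b0c77aa93.cdn-telemetry.xyz IN TXT
client 10.0.0.9#40013: query: 91d2f4bb0e6c.cdn-telemetry.xyz IN TXT
client 10.0.0.5#51236: query: mail.example.com IN MX
"""

LINE_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\w+)")

# Thresholds are assumptions for this example; tune them against your own baseline.
ENTROPY_MIN = 3.0
LABEL_LEN_MIN = 10


def shannon_entropy(s):
    """Bits per character; high values suggest encoded or random data in a label."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def score_query(name, qtype):
    """Return the reasons a single query looks unusual (empty list if benign)."""
    reasons = []
    first = name.split(".")[0]
    if len(first) >= LABEL_LEN_MIN and shannon_entropy(first) >= ENTROPY_MIN:
        reasons.append("high-entropy leading label")
    if qtype == "TXT":
        reasons.append("TXT lookup from a client host")
    return reasons


def find_unusual(log, min_hits=2):
    """Count flagged queries per (client, registered domain); report repeat offenders."""
    hits = defaultdict(int)
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m or not score_query(m["name"], m["qtype"]):
            continue
        labels = m["name"].rstrip(".").split(".")
        registered = ".".join(labels[-2:])  # crude: ignores public-suffix rules
        hits[(m["ip"], registered)] += 1
    return {k: v for k, v in hits.items() if v >= min_hits}


if __name__ == "__main__":
    for (ip, domain), n in find_unusual(SAMPLE_LOG).items():
        print(f"{ip} -> {domain}: {n} unusual queries")
```

Point the script at real resolver logs only after establishing a baseline for your environment, since legitimate CDNs and telemetry services also generate long, random-looking labels.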
News URL
https://threatpost.com/linux-malware-impossible-detect/179944/
Related news
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus
- Chinese hackers target Linux with new WolfsBane malware
- Researchers discover first UEFI bootkit malware for Linux
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems
- New stealthy Pumakit Linux rootkit malware spotted in the wild
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms