Linux Malware Deemed 'Nearly Impossible' to Detect (Security News, June 2022)
A new Linux malware that is "nearly impossible to detect" harvests credentials and gives attackers remote access and rootkit functionality, infecting its targets in a parasitic way, researchers said.
The malware's name is an homage to how it operates, which is different from the other Linux malware the researchers have encountered, Kennedy explained.
In addition to the rootkit capability, the malware provides a backdoor that lets the threat actor log in as any user on the machine with a hardcoded password and execute commands with the highest privileges, he added.
"Once the malware has infected a machine, it hides itself and any other malware used by the threat actor, making infections very hard to detect," he explained.
Unusual DNS requests may be one way to detect whether the malware is present on a system, researchers noted.
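Unusual DNS traffic is the only detection hint the article offers, so it is worth being concrete about what "unusual" can mean in a resolver log. The following Python script is an added example, not code from the article or from the researchers it quotes. It runs two generic checks over a constructed query log in a hypothetical four-column format (timestamp, client, query type, query name): leftmost labels that are hex-encoded or long and high-entropy, which is the usual way data such as harvested credentials is smuggled out inside query names, and a single client issuing many distinct subdomains under one base domain. The log format, the domain names and the encoded values are all constructed for this example.

```python
import math
import re
from collections import defaultdict

# Constructed resolver query log in a hypothetical "<timestamp> <client> <qtype> <qname>"
# format. Not captured from any real system; the encoded labels are made-up credentials.
SAMPLE_DNS_LOG = """\
2022-06-09T10:00:01Z 10.0.0.5 A www.example.com
2022-06-09T10:00:02Z 10.0.0.5 AAAA www.example.com
2022-06-09T10:00:03Z 10.0.0.5 A mirrors.kernel.org
2022-06-09T10:00:10Z 10.0.0.5 A 726f6f743a5375706572536563726574.ns.lookup-test.invalid
2022-06-09T10:00:11Z 10.0.0.5 A 6465706c6f793a4175746f6d6174696f6e.ns.lookup-test.invalid
2022-06-09T10:00:12Z 10.0.0.5 A 6a616e653a536f6d6550617373776f7264.ns.lookup-test.invalid
2022-06-09T10:00:13Z 10.0.0.5 A 73766e3a48756e74657232.ns.lookup-test.invalid
2022-06-09T10:00:20Z 10.0.0.7 A www.example.com
"""

# Lowercase hex, at least 16 characters; even length is checked separately.
HEX_LABEL = re.compile(r"^[0-9a-f]{16,}$")


def shannon_entropy(s):
    """Bits per character: roughly 2-3 for English-like labels, approaching 4 for hex."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_dns_log(text):
    """Parse the hypothetical four-column format into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qtype, qname = parts
        records.append({"ts": ts, "client": client, "qtype": qtype,
                        "qname": qname.lower().rstrip(".")})
    return records


def base_domain(qname):
    """Naive 'last two labels' heuristic; production code should use the public suffix list."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def decode_hex_label(label):
    """Recover the plaintext of a hex-encoded label for the incident report, or None."""
    try:
        return bytes.fromhex(label).decode("ascii")
    except ValueError:  # bad hex or non-ASCII payload (UnicodeDecodeError is a ValueError)
        return None


def find_suspicious_queries(records, entropy_threshold=3.2, min_unique_labels=3):
    """Return findings: one 'encoded_label' per suspicious query name, plus one
    'subdomain_volume' per (client, base domain) pair with many distinct leftmost labels."""
    findings = []
    labels_seen = defaultdict(set)  # (client, base_domain) -> set of leftmost labels
    for r in records:
        leftmost = r["qname"].split(".")[0]
        labels_seen[(r["client"], base_domain(r["qname"]))].add(leftmost)
        reasons, decoded = [], None
        if HEX_LABEL.match(leftmost) and len(leftmost) % 2 == 0:
            reasons.append("hex-encoded label")
            decoded = decode_hex_label(leftmost)
        if len(leftmost) >= 20 and shannon_entropy(leftmost) >= entropy_threshold:
            reasons.append("long high-entropy label")
        if reasons:
            findings.append({"kind": "encoded_label", "client": r["client"],
                             "qname": r["qname"], "reasons": reasons, "decoded": decoded})
    for (client, base), labels in labels_seen.items():
        if len(labels) >= min_unique_labels:
            findings.append({"kind": "subdomain_volume", "client": client,
                             "base_domain": base, "unique_labels": len(labels)})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_queries(parse_dns_log(SAMPLE_DNS_LOG)):
        print(finding)
```

The hex and entropy checks catch individual exfiltration queries; the per-client subdomain count catches the pattern even when the encoding is one these heuristics miss. Both thresholds are starting points to tune against a baseline of the host's normal lookups, and any decoded value that looks like a credential should be treated as already compromised.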
To gain remote access to an infected machine, the malware hooks a few Linux Pluggable Authentication Module (PAM) functions, which lets it authenticate to the machine through any service that uses PAM, including remote services such as Secure Shell (SSH), Kennedy said.
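Hooking PAM functions in userland means getting a foreign shared object into the address space of every PAM-using process, sshd included. The Python script below is an added example, not code from the article or from the researchers; it assumes the hook arrives through the dynamic loader (LD_PRELOAD in the process environment, or /etc/ld.so.preload, which affects every dynamically linked program) and triages three sources a responder can read for a process: /proc/PID/maps, /proc/PID/environ and /etc/ld.so.preload. The trusted and scratch directory lists are assumptions to tune per distribution, and every path, inode number and library name in the sample data is constructed.

```python
import os
import re
import sys

# Directories a packaged shared object is expected to load from (assumption; adjust per distro).
TRUSTED_LIB_PREFIXES = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/libexec/")
# Writable scratch locations a persistent, packaged library has no reason to live in.
SCRATCH_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/run/user/")
SHARED_OBJECT = re.compile(r"\.so(\.\d+)*$")

# Constructed /proc/PID/maps excerpt for a hypothetical sshd (addresses, inodes and the
# libhook.so / helper.so names are made up for this example).
SAMPLE_MAPS = """\
7f3c2e400000-7f3c2e422000 r--p 00000000 fd:01 1048625                    /usr/lib/x86_64-linux-gnu/libc.so.6
7f3c2e422000-7f3c2e5b7000 r-xp 00022000 fd:01 1048625                    /usr/lib/x86_64-linux-gnu/libc.so.6
7f3c2e700000-7f3c2e70c000 r--p 00000000 fd:01 1049011                    /usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
7f3c2e800000-7f3c2e803000 r-xp 00000000 fd:01 262190                     /usr/lib/x86_64-linux-gnu/libhook.so (deleted)
7f3c2e900000-7f3c2e902000 r-xp 00000000 00:1b 72                         /dev/shm/.x/helper.so
7ffd1c3f0000-7ffd1c411000 rw-p 00000000 00:00 0                          [stack]
7ffd1c4a0000-7ffd1c4a2000 r-xp 00000000 00:00 0                          [vdso]
"""
# Constructed /proc/PID/environ (NUL-separated) and /etc/ld.so.preload contents.
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libhook.so\0LANG=C\0"
SAMPLE_PRELOAD = "/dev/shm/.x/helper.so\n"


def parse_maps(maps_text):
    """Return the set of file-backed mapping paths ('(deleted)' suffix kept) in a maps file."""
    objects = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode [pathname]
        if len(fields) < 6 or fields[5].startswith("["):
            continue  # anonymous mapping or pseudo-path such as [stack]/[vdso]
        objects.add(fields[5].strip())
    return objects


def audit_mapped_objects(objects):
    """Flag shared objects that were unlinked after loading or live outside trusted directories."""
    findings = []
    for path in sorted(objects):
        deleted = path.endswith(" (deleted)")
        clean = path[: -len(" (deleted)")] if deleted else path
        if not SHARED_OBJECT.search(clean):
            continue  # the main executable, locale archives, etc.
        if deleted:
            findings.append(("deleted_on_disk", clean))
        if clean.startswith(SCRATCH_PREFIXES):
            findings.append(("scratch_location", clean))
        elif not clean.startswith(TRUSTED_LIB_PREFIXES):
            findings.append(("untrusted_location", clean))
    return findings


def audit_environ(environ_bytes):
    """Flag an LD_PRELOAD variable in a process environment."""
    findings = []
    for entry in environ_bytes.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            findings.append(("ld_preload_env", entry.split(b"=", 1)[1].decode(errors="replace")))
    return findings


def audit_preload_file(preload_text):
    """Flag every active entry of /etc/ld.so.preload; on a clean host the file is absent or empty."""
    return [("ld_so_preload", line.strip()) for line in preload_text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]


def triage(maps_text, environ_bytes, preload_text):
    return (audit_mapped_objects(parse_maps(maps_text))
            + audit_environ(environ_bytes)
            + audit_preload_file(preload_text))


def triage_live(pid):
    """Read the three sources from a running Linux host (root needed for other users' processes)."""
    with open(f"/proc/{pid}/maps") as f:
        maps_text = f.read()
    with open(f"/proc/{pid}/environ", "rb") as f:
        environ_bytes = f.read()
    preload_text = ""
    if os.path.exists("/etc/ld.so.preload"):
        with open("/etc/ld.so.preload") as f:
            preload_text = f.read()
    return triage(maps_text, environ_bytes, preload_text)


if __name__ == "__main__":
    results = triage_live(int(sys.argv[1])) if len(sys.argv) > 1 else triage(
        SAMPLE_MAPS, SAMPLE_ENVIRON, SAMPLE_PRELOAD)
    for kind, detail in results:
        print(kind, detail)
```

Two caveats follow directly from the article. Because the malware hides itself, the view of /proc and of /etc/ld.so.preload obtained on the live host through a hooked libc may already be filtered, so collect these inputs with a statically linked tool, from a trusted boot medium, or from a disk and memory image, and treat a clean result taken on the suspect host as weak evidence. And because the hook makes the hardcoded password succeed for any account, the backdoor login leaves only an ordinary successful-authentication record in the SSH logs; review those records for accounts, times and source addresses that do not match expected use rather than looking for failures.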
News URL
https://threatpost.com/linux-malware-impossible-detect/179944/
Related news
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Linux malware “perfctl” behind years-long cryptomining campaign (source)
- Linux systems targeted with stealthy “Perfctl” cryptomining malware (source)
- New FASTCash malware Linux variant helps steal money from ATMs (source)
- New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Chinese hackers target Linux with new WolfsBane malware (source)