Symbiote Backdoor in Linux

2022-06-22 11:07

What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines.

Instead of being a standalone executable file that is run to infect a machine, it is a shared object library that is loaded into all running processes using LD PRELOAD, and parasitically infects the machine.

Once it has infected all the running processes, it provides the threat actor with rootkit functionality, the ability to harvest credentials, and remote access capability.

Researchers have unearthed a discovery that doesn't occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation.

There's no evidence of infections in the wild, only malware samples found online.

It's unlikely this malware is widely active at the moment, but with stealth this robust, how can we be sure?

News URL

https://www.schneier.com/blog/archives/2022/06/symbiote-backdoor-in-linux.html

#backdoor #linux

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Linux		11	64	2337	1502	67	3970

News URL

Related news

Related vendor