Security News > 2022 > June > Symbiote Backdoor in Linux

Symbiote Backdoor in Linux
2022-06-22 11:07

What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines.

Instead of being a standalone executable file that is run to infect a machine, it is a shared object library that is loaded into all running processes using LD PRELOAD, and parasitically infects the machine.

Once it has infected all the running processes, it provides the threat actor with rootkit functionality, the ability to harvest credentials, and remote access capability.

Researchers have unearthed a discovery that doesn't occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation.

There's no evidence of infections in the wild, only malware samples found online.

It's unlikely this malware is widely active at the moment, but with stealth this robust, how can we be sure?


News URL

https://www.schneier.com/blog/archives/2022/06/symbiote-backdoor-in-linux.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2602 1595 67 4328