Security News > 2022 > July > Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow

Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit, signally a growing trend of malware attacks geared towards the popular operating system.

The malware gets its name from one of the filenames that's utilized to temporarily store the output of executed commands, according to cybersecurity firm Intezer.

"The malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands."

OrBit is the fourth Linux malware to have come to light in a short span of three months after BPFDoor, Symbiote, and Syslogk.

"What makes this malware especially interesting is the almost hermetic hooking of libraries on the victim machine, that allows the malware to gain persistence and evade detection while stealing information and setting SSH backdoor," Fishbein said.

"Threats that target Linux continue to evolve while successfully staying under the radar of security tools, now OrBit is one more example of how evasive and persistent new malware can be."

News URL

https://thehackernews.com/2022/07/researchers-warn-of-new-orbit-linux.html