Security News > 2022 > July > Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow
Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit, signally a growing trend of malware attacks geared towards the popular operating system.
The malware gets its name from one of the filenames that's utilized to temporarily store the output of executed commands, according to cybersecurity firm Intezer.
"The malware implements advanced evasion techniques and gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands."
OrBit is the fourth Linux malware to have come to light in a short span of three months after BPFDoor, Symbiote, and Syslogk.
"What makes this malware especially interesting is the almost hermetic hooking of libraries on the victim machine, that allows the malware to gain persistence and evade detection while stealing information and setting SSH backdoor," Fishbein said.
"Threats that target Linux continue to evolve while successfully staying under the radar of security tools, now OrBit is one more example of how evasive and persistent new malware can be."
News URL
https://thehackernews.com/2022/07/researchers-warn-of-new-orbit-linux.html
Related news
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (source)
- DinodasRAT malware targets Linux servers in espionage campaign (source)
- Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel (source)
- Researchers sinkhole PlugX malware server with 2.5 million unique IPs (source)
- New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials (source)